Microsoft News Articles

Zero Day Initiative — CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the Microsoft Windows Key Distribution Center (KDC) Proxy. This bug was originally discov

5 days ago

Critical Microsoft, Synacor zero-days face active exploitation, CISA says

The flaws in Microsoft Partner Center and Synacor Zimbra Collaboration Suite were added to the KEV catalog.

1 week ago

Critical Microsoft, Synacor zero-days face active exploitation, CISA says

The flaws in Microsoft Partner Center and Synacor Zimbra Collaboration Suite were added to the KEV catalog.

1 week ago

Critical Microsoft Partner Center vulnerability under attack, CISA warns

Unpatched flaw CVE-2024-49035 allows unauthenticated privilege escalation, posing supply chain risks

2 weeks ago

February brings 56 Patch Tuesday fixes from Microsoft

The 56 security vulnerabilities Microsoft addressed with its latest Patch Tuesday update includes two zero-day flaws.

2 weeks ago

CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on February 25, 2025, confirming that threat actors are actively exploiting a critical privilege escalation vulnerability in Microsoft’s Partner Center platform (CVE-2024-49035).

2 weeks ago

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

CISA adds Microsoft Partner Center and Zimbra ZCS flaws to its KEV catalog, citing active exploitation. Federal agencies must patch by March 18 to mit

2 weeks ago

Microsoft Edge Vulnerability Report Addresses Security Flaw

Microsoft Edge vulnerability CVE-2023-29345 was found to be a security bypass flaw, which requires manual input in order to strike

2 weeks ago

Everything you need to know about the Microsoft Power Pages vulnerability

A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.

2 weeks ago

Microsoft fixes Power Pages zero-day bug exploited in attacks

Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.

2 weeks ago

Microsoft fixed actively exploited flaw in Power Pages

Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks.

2 weeks ago

Windows Disk Cleanup Tool Exploit Allows SYSTEM Privilege Escalation

Microsoft has urgently addressed a high-severity privilege escalation vulnerability (CVE-2025-21420) in the Windows Disk Cleanup Utility (cleanmgr.exe).

2 weeks ago

Critical Microsoft Bing Vulnerability Enabled Remote Code Execution Attacks

A critical security flaw in Microsoft Bing tracked as CVE-2025-21355, allowed unauthorized attackers to execute arbitrary code remotely.

2 weeks ago

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft patches two critical flaws in Bing and Power Pages, including CVE-2025-21355, an actively exploited RCE vulnerability

2 weeks ago

Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges

The vulnerability was reported anonymously to Microsoft, and a security researcher subsequently published a proof-of-concept (PoC) exploit on GitHub.

2 weeks ago

Microsoft Patches Exploited Power Pages Vulnerability

Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.

3 weeks ago

Microsoft patches two zero-days for Valentine’s Day | Computer Weekly

Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among over 70 issues.

3 weeks ago

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days

3 weeks ago

Fix CVE-2025-21418: Windows AFD Buffer Overflow Guide

Learn how to remediate CVE-2025-21418, a critical heap-based buffer overflow vulnerability in Windows AFD.SYS. Protect your systems today.

3 weeks ago

February's Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

Microsoft's latest updates fix 63 vulnerabilities of varying severity, so prep your system, save your personal data, and patch that PC.

4 weeks ago

Microsoft’s February 2025 Patch Tuesday corrects 57 bugs, three cri...

Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are ‘critical’.

4 weeks ago

Windows Driver Zero-Day Vulnerability Let Hackers Remotely Gain System Access

Microsoft has confirmed the discovery of a significant zero-day vulnerability, tracked as CVE-2025-21418, in the Windows Ancillary Function Driver for WinSock.

4 weeks ago

Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Microsoft patches 63 flaws, including two exploited Windows vulnerabilities (CVE-2025-21391, CVE-2025-21418). CISA requires fixes by March 4.

4 weeks ago

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

4 weeks ago

February 2025 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft has released security updates for 67 vulnerabilities, including 4 zero-days and 3 critical, in its February 2025 Patch Tuesday rollout.

4 weeks ago

Patch Tuesday: A “wormable” LDAP bug and two EOP zero days fixed

Lighter than last month, mercifully, but still some urgent fixes.

4 weeks ago

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) - Help Net Security

On February 2025 Patch Tuesday, Microsoft has fixed 56 vulnerabilities, including two exploited zero-days: CVE-2025-21418 and CVE-2025-21391.

4 weeks ago

Homeland Security Alert—Ongoing Critical Microsoft Outlook Attack

The Department of Homeland Security has warned that Microsoft Outlook is subject to an ongoing hack attack.

Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks - CISA Warns

CISA has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability.

Critical RCE bug in Microsoft Outlook now exploited in attacks

CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability.

Microsoft script updates bootable media for BlackLotus bootkit fixes

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new

New Microsoft script updates Windows media with bootkit malware fixes

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new

CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible.

CISA Adds New Known Exploited Vulnerabilities To Catalog

CISA updates the Known Exploited Vulnerabilities Catalog with CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410.

Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service

The flaw enabled authentication bypass by spoofing, with a proof-of-concept exploit available.

CISA Adds Apache, Microsoft Vulnerabilities to Its Database that Are Actively Exploited in the Wild

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding Apache, Microsoft, and Paessler vulnerabilities.

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

CISA adds four exploited vulnerabilities to its KEV catalog, urging fixes by Feb 25, 2025, to counter active threats

February 2024 Patch Tuesday: Updates and Analysis

Microsoft has released security updates for 73 vulnerabilities, including two zero-days, for its February 2024 Patch Tuesday rollout.

Critical New Microsoft Account Takeover Bypassed Authentication

Microsoft has confirmed that Microsoft Accounts have been left with missing authentication mechanisms that could lead to a hacker takeover. Here’s what you need to know.

Critical Windows OLE Zero-Click Vulnerability Let Attacker to Execute Arbitrary Code

A critical security flaw, identified as CVE-2025-21298, has been disclosed in Microsoft’s Windows Object Linking and Embedding (OLE) technology. 

Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Let Attackers Gain Network Access

Microsoft has disclosed a critical vulnerability, CVE-2025-21415, impacting the Azure AI Face Service, which is classified as an Elevation of Privilege issue,

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face Service and Microsoft Accou

PoC Exploit Released for Active Directory Domain Services Privilege Escalation Vulnerability

A proof-of-concept (PoC) exploit code has been released for CVE-2025-21293, a critical Active Directory Domain Services Elevation of Privilege vulnerability.

PoC Exploit Released for Actively Exploited Windows CLFS Buffer Overflow

A proof-of-concept (PoC) exploit for the actively exploited Windows Common Log File System (CLFS) vulnerability tracked as CVE-2024-49138, has been released.

Windows CLFS Buffer Overflow Vulnerability CVE-2024-49138 - PoC Released

 A recently disclosed Windows kernel-level vulnerability, identified as CVE-2024-49138, has raised significant security concerns in the cybersecurity community.

Technical Analysis: CVE-2024-38021

In this blog Morphisec researchers provide technical analysis of CVE-2024-38021, a vulnerability impacting Microsoft Outlook.

Microsoft Windows BitLocker Vulnerability Exposes Passwords—Act Now

Security experts have warned Windows BitLocker vulnerability could expose sensitive data in RAM, including passwords—what you need to do.

Payment card NFC relay attacks spread across Russia

In other news: Hacker Pompompourin to be resentenced; a Chinese APT pulls off another supply chain attack; new cookie sandwich technique.

Zero-Click Outlook RCE Vulnerability (CVE-2025-21298), PoC Released

Microsoft issued a critical patch to address CVE-2025-21298, a zero-click Remote Code Execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE).

PoC Exploit Released For Critical Microsoft Outlook (CVE-2025-21298) Zero-Click RCE Vulnerability

A new proof-of-concept (PoC) has been released for Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298.