Microsoft News Articles

BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released

A critical vulnerability in Microsoft’s BitLocker full disk encryption, demonstrating that it can be bypassed in under five minutes using a software-only attack dubbed "Bitpixie" (CVE-2023-21563).

2 weeks ago

Outlook RCE Vulnerability Allows Attackers to Execute Arbitrary Code

Microsoft addressed a significant security flaw in its Outlook email client during the May 2025 Patch Tuesday, releasing fixes for 72 vulnerabilities.

2 weeks ago

Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access.

Microsoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock.

2 weeks ago

Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability

Patched Windows zero-day vulnerability (CVE-2025-29824) in the CLFS driver was exploited in attacks linked to the Play ransomware operation.

3 weeks ago

Play Ransomware Group Used Windows Zero-Day

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

3 weeks ago

Play ransomware exploited Windows logging flaw in zero-day attacks

The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

3 weeks ago

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

3 weeks ago

Microsoft: April updates cause Windows Server auth issues

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

3 weeks ago

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.

3 weeks ago

Windows "inetpub" security fix can be abused to block future updates

A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates.

Windows 11's crucial new 'inetpub' folder is laughably easy to hack

The inetpub folder in Windows is meant to be a security measure, but attackers can block it and cause all sorts of issues due to another vulnerability.

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, enable attackers to execute arbitrary code.

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

A significant security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation. 

Alarms sound over attacks via Microsoft NTLM vulnerability

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

Alarms sound over attacks via Microsoft NTLM vulnerability

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows that exposes NTLM hashes via .library-ms files is currently being actively exploited by hackers

CISA Warns of Active Exploitation of Windows NTLM Vulnerability

CISA alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054.

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.

Fresh Windows NTLM Vulnerability Exploited in Attacks

A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.

NTLM Hash Exploit Targets Poland and Romania Days After Patch

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security

CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.

Multiple Groups Exploit NTLM Flaw in Microsoft Windows

The attacks have been going on since shortly after Microsoft patched the vulnerability in March.

This Windows Vulnerability Lets Hackers Into Your PC in Just 300 Milliseconds

Hackers can get into your system almost faster than you can blink.

Windows NTLM Vulnerability Actively Exploit in the Wild to Hack Systems

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide.

Hackers Exploiting Windows NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals have been actively exploiting a critical vulnerability in Windows systems, identified as CVE-2025-24054. This vulnerability leverages NTLM hash disclosure through spoofing techniques.

Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds

A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds. 

Microsoft Asks Windows 11 Users Not to Delete Mysterious “inetpub” Folder

A seemingly empty folder appearing on Windows systems after recent security updates has raised concerns among users, but Microsoft confirms it's an intentional security measure that should remain untouched. 

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete

Don't delete this alarming new Windows folder — here's why.

Don't delete inetpub folder. It's a Windows security fix

Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended...

No, it’s not OK to delete that new inetpub folder

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

Microsoft Warns Millions Of Windows Users To Never Delete This Folder

You may have noticed a new folder in your root folder after applying the latest cumulative update.

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete

Don't delete this alarming new Windows folder — here's why.

Patch Tuesday: Ransomware crew using CVE-2025-29824 zero day

Patch Tuesday comes with ransomware exploit for CVE-2025-29824 and a fat Windows 10 delay. Technology companies have been targeted said Redmond.

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete

Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty

Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day

Microsoft: Zero-day bug used in ransomware attacks on US real estate firms

Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.

Microsoft’s April 2025 bumper Patch Tuesday corrects 124 bugs | Com...

Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’.

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation

Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services (AD DS).

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware

Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.

Patch Tuesday, April 2025 Edition

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware…

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability

Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.

Windows CLFS zero-day exploited in ransomware attacks

A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to ...

Microsoft fixes 124 flaws, including one under active exploitation

An elevation of privilege vulnerability in the Windows Common Log File System was added to CISA's KEV list.

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) - Help Net Security

For April 2025 Patch Tuesday, Microsoft delivers fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) under active attack.

Microsoft: Windows CLFS zero-day exploited by ransomware gang

Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.