Microsoft News Articles
Recent news articles refferecing the vendors vulnerabilities.
Infosecurity MagazineCVE-2026-42897Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
16 hours ago
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.
19 hours ago
The Hacker NewsCVE-2026-42897On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
CVE-2026-42897 is exploited in on-prem Exchange; crafted emails enable spoofing, forcing urgent mitigation.
22 hours ago
NewsbreakCVE-2026-42897On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email - NewsBreak
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in th
22 hours ago
It Security NewsCVE-2026-41096Windows DNS Client Vulnerability Enables Remote Code Execution Attacks - IT Security News
A newly disclosed vulnerability in the Microsoft Windows DNS Client could let attackers silently execute malicious code across enterprise networks, exposing a massive attack surface. Officially designated as CVE-2026-41096, this critical security flaw carries a severe CVSS score of 9.8…Read more →
2 days ago
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
Microsoft patches a critical Outlook vulnerability tracked as CVE-2026-40361 that can be exploited for remote code execution.
3 days ago
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
3 days ago
CyberscoopCVE-2026-42898Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code.
3 days ago
CybersecuritynewsCritical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information
Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, all released on May 7, 2026, requiring no action from end users or administrators.
1 week ago
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig
2 weeks ago
SwapupdateCVE-2026-32202Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Ravie LakshmananApr 28, 2026Vulnerability / Threat Intelligence
2 weeks ago
Computer WorldCVE-2026-32202Windows shell spoofing vulnerability puts sensitive data at risk
A flaw remaining after the February patch of a zero day is already being exploited, and slow patch cycles in both government and enterprises are giving attackers the upper hand.
2 weeks ago
ItnewsCVE-2026-32202Incomplete fix for Fancy Bear exploit opens zero-click hole in Windows
Microsoft's partial patching in February 2026 of a zero-day vulnerability abused by Russian state-sponsored threat group Fancy Bear created a new flaw that is now being exploited without user interaction,...
2 weeks ago
/pcq/media/member_avatars/pcquest (1).png){kind=small}
PcquestCVE-2026-32202Microsoft warns Windows Shell flaw is being exploited to expose credentials
Microsoft’s Windows Shell flaw CVE-2026-32202 is under attack. See how one shortcut file can expose NTLM credentials and raise enterprise risk before it stings.
2 weeks ago
NotebookcheckCVE-2026-32202Windows zero-day CVE-2026-32202 confirmed as exploited
CISA has ordered federal agencies to patch CVE-2026-32202, a zero-click Windows Shell flaw left open by an incomplete February fix now confirmed as exploited.
2 weeks ago
CISA orders feds to patch Windows flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.
2 weeks ago
Help Net SecurityCVE-2026-32202CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202) - Help Net Security
Attackers are exploiting CVE-2026-32202, a Windows vulnerability that causes victims' systems to authenticate the attacker's server.
2 weeks ago
The Hacker NewsCVE-2026-32202Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
3 weeks ago
SwapupdateCVE-2026-40372Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Ravie LakshmananApr 22, 2026Vulnerability / Cryptography
3 weeks ago
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks.
3 weeks ago
It Security NewsCVE-2026-33825U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to…Rea...
3 weeks ago
It Security NewsCVE-2026-33825CISA Adds One Known Exploited Vulnerability to Catalog - IT Security News
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber…R...
3 weeks ago
Esecurity PlanetCVE-2026-40372CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability | eSecurity Planet
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access.
3 weeks ago