Microsoft News Articles
Recent news articles refferecing the vendors vulnerabilities.
It Security NewsCVE-2026-33829Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers - IT Security News
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click. This behavior is the same bug class as CVE-2026-33829 in the Snipping Tool, but Microsoft has…Read more →
2 days ago
The Hacker NewsCVE-2026-33829Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Unpatched Windows search: URI flaw leaks NTLMv2 hashes via SMB requests; disclosed April 2026, enabling relay attacks.
2 days ago
It Security NewsCVE-2026-33829Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers - IT Security News
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search, URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler Vulnerability Security researchers from…Read mor...
2 days ago
NotebookcheckCVE-2026-41089Windows Netlogon CVE-2026-41089 exploited: Priority patch needed
CVE-2026-41089, a critical Windows Netlogon flaw rated CVSS 9.8, is now actively exploited. Unpatched domain controllers face full SYSTEM-level compromise with no credentials needed.
2 days ago
CybersecuritynewsCVE-2026-33829Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click.
2 days ago
OnmsftCVE-2026-41089Critical Windows Netlogon Bug CVE-2026-41089 Now Exploited in the Wild
Belgium’s cybersecurity agency warns attackers are actively exploiting the critical Windows Netlogon vulnerability CVE-2026-41089.
3 days ago
Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs
Hackers are exploiting a critical-severity Windows Netlogon vulnerability (CVE-2026-41089) for remote code execution.
3 days ago
It Security NewsCVE-2026-41089Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) - IT Security News
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon,…Read mor...
4 days ago
Help Net SecurityCVE-2026-41089Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) - Help Net Security
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild.
4 days ago
Critical Windows Netlogon RCE flaw now exploited in attacks
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks.
4 days ago
Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI
5 days ago
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
Six 0-days, three under active exploitation, more to come on July 14?
1 week ago
It Security NewsCVE-2026-40369Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters - IT Security News
A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process, including a browser renderer sandbox, to increment arbitrary kernel memory and reliably escalate to SYSTEM on Windows 11 24H2–25H2. The bug sits in ntoskrnl.exe inside ExpGetProcessInformation, reachable via a ...
1 week ago
Help Net SecurityCVE-2026-45659High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) - Help Net Security
A high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint may be exploited in low-complexity attacks.
1 week ago
Microsoft Issues Out-of-Band SharePoint Patch
SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.
1 week ago
SwapupdateCVE-2026-45659Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Ravie LakshmananMay 26, 2026Vulnerability / Enterprise Security
1 week ago
It Security NewsCVE-2026-45659Microsoft SharePoint Server Vulnerability Enables Remote Code Execution Attacks - IT Security News
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow authenticated attackers to execute arbitrary code remotely across multiple versions of the platform. Tracked as CVE-2026-45659 and released on May 21, 2026, the flaw poses a significant…Read more →
1 week ago
It Security NewsCVE-2026-45659Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions - IT Security News
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score…Read more →
1 week ago
The Hacker NewsCVE-2026-45659Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft released fixes for SharePoint remote code execution vulnerability CVE-2026-45659 with a CVSS score of 8.8.
1 week ago
It Security NewsCVE-2026-45659High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) - IT Security News
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-...
1 week ago
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has released a temporary mitigation for YellowKey, a Windows zero-day that can reportedly bypass BitLocker protections.
2 weeks ago
Neowin NetCVE-2026-45585Microsoft apparently blames researcher for publicly exposing a Windows 11 Recovery flaw
Microsoft appears to blame a security researcher for publicly revealing a legitimate Windows 11 Recovery vulnerability affecting BitLocker protection.
2 weeks ago
NotebookcheckCVE-2026-41091Microsoft patches Defender zero-days exploited in live attacks
Microsoft issued out-of-band patches for two actively exploited Defender zero-days, RedSun and UnDefend, after Huntress confirmed real-world use in attacks.
2 weeks ago
PcworldCVE-2026-42897Microsoft patches several zero-day vulnerabilities with emergency updates
Microsoft's May Patch Tuesday looked quiet. Since then, there's been an unpatched Exchange CVE, three Defender flaws, and a new BitLocker bypass.
2 weeks ago
TechtimesMicrosoft Defender Zero-Days Patched: RedSun, UnDefend Exploits Already Used in Live Intrusions
Microsoft pushed out-of-band patches on May 21, 2026, for two actively exploited Windows Defender zero-days — one that lets a low-privileged attacker seize full SYSTEM-level control of any Windows
2 weeks ago