Microsoft News Articles
Recent news articles refferecing the vendors vulnerabilities.
Zero Day Initiative â CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the Microsoft Windows Key Distribution Center (KDC) Proxy. This bug was originally discov
5 days ago
Critical Microsoft, Synacor zero-days face active exploitation, CISA says
The flaws in Microsoft Partner Center and Synacor Zimbra Collaboration Suite were added to the KEV catalog.
1 week ago
Critical Microsoft, Synacor zero-days face active exploitation, CISA says
The flaws in Microsoft Partner Center and Synacor Zimbra Collaboration Suite were added to the KEV catalog.
1 week ago

Critical Microsoft Partner Center vulnerability under attack, CISA warns
Unpatched flaw CVE-2024-49035 allows unauthenticated privilege escalation, posing supply chain risks
2 weeks ago
February brings 56 Patch Tuesday fixes from Microsoft
The 56 security vulnerabilities Microsoft addressed with its latest Patch Tuesday update includes two zero-day flaws.
2 weeks ago

CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on February 25, 2025, confirming that threat actors are actively exploiting a critical privilege escalation vulnerability in Microsoftâs Partner Center platform (CVE-2024-49035).
2 weeks ago
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
CISA adds Microsoft Partner Center and Zimbra ZCS flaws to its KEV catalog, citing active exploitation. Federal agencies must patch by March 18 to mit
2 weeks ago

Microsoft Edge Vulnerability Report Addresses Security Flaw
Microsoft Edge vulnerability CVE-2023-29345 was found to be a security bypass flaw, which requires manual input in order to strike
2 weeks ago

Everything you need to know about the Microsoft Power Pages vulnerability
A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
2 weeks ago
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.
2 weeks ago
Microsoft fixed actively exploited flaw in Power Pages
Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks.
2 weeks ago

Windows Disk Cleanup Tool Exploit Allows SYSTEM Privilege Escalation
Microsoft has urgently addressed a high-severity privilege escalation vulnerability (CVE-2025-21420) in the Windows Disk Cleanup Utility (cleanmgr.exe).
2 weeks ago

Critical Microsoft Bing Vulnerability Enabled Remote Code Execution Attacks
A critical security flaw in Microsoft Bing tracked as CVE-2025-21355, allowed unauthorized attackers to execute arbitrary code remotely.
2 weeks ago

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
Microsoft patches two critical flaws in Bing and Power Pages, including CVE-2025-21355, an actively exploited RCE vulnerability
2 weeks ago

Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges
The vulnerability was reported anonymously to Microsoft, and a security researcher subsequently published a proof-of-concept (PoC) exploit on GitHub.
2 weeks ago
Microsoft Patches Exploited Power Pages Vulnerability
Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
3 weeks ago
Microsoft patches two zero-days for Valentineâs Day | Computer Weekly
Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among over 70 issues.
3 weeks ago
Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged - Help Net Security
Hereâs an overview of some of last weekâs most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days
3 weeks ago

Fix CVE-2025-21418: Windows AFD Buffer Overflow Guide
Learn how to remediate CVE-2025-21418, a critical heap-based buffer overflow vulnerability in Windows AFD.SYS. Protect your systems today.
3 weeks ago
February's Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical
Microsoft's latest updates fix 63 vulnerabilities of varying severity, so prep your system, save your personal data, and patch that PC.
4 weeks ago
Microsoftâs February 2025 Patch Tuesday corrects 57 bugs, three cri...
Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are âcriticalâ.
4 weeks ago

Windows Driver Zero-Day Vulnerability Let Hackers Remotely Gain System Access
Microsoft has confirmed the discovery of a significant zero-day vulnerability, tracked as CVE-2025-21418, in the Windows Ancillary Function Driver for WinSock.
4 weeks ago
Microsoftâs Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
Microsoft patches 63 flaws, including two exploited Windows vulnerabilities (CVE-2025-21391, CVE-2025-21418). CISA requires fixes by March 4.
4 weeks ago
Microsoft Patch Tuesday, February 2025 Edition
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.
4 weeks ago
February 2025 Patch Tuesday: Updates and Analysis | CrowdStrike
Microsoft has released security updates for 67 vulnerabilities, including 4 zero-days and 3 critical, in its February 2025 Patch Tuesday rollout.
4 weeks ago

Patch Tuesday: A âwormableâ LDAP bug and two EOP zero days fixed
Lighter than last month, mercifully, but still some urgent fixes.
4 weeks ago
Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) - Help Net Security
On February 2025 Patch Tuesday, Microsoft has fixed 56 vulnerabilities, including two exploited zero-days: CVE-2025-21418 and CVE-2025-21391.
4 weeks ago

Homeland Security AlertâOngoing Critical Microsoft Outlook Attack
The Department of Homeland Security has warned that Microsoft Outlook is subject to an ongoing hack attack.

Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks - CISA Warns
CISA has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability.
Critical RCE bug in Microsoft Outlook now exploited in attacks
CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability.
Microsoft script updates bootable media for BlackLotus bootkit fixes
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new
New Microsoft script updates Windows media with bootkit malware fixes
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new
CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible.
CISA Adds New Known Exploited Vulnerabilities To Catalog
CISA updates the Known Exploited Vulnerabilities Catalog with CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410.
Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service
The flaw enabled authentication bypass by spoofing, with a proof-of-concept exploit available.

CISA Adds Apache, Microsoft Vulnerabilities to Its Database that Are Actively Exploited in the Wild
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding Apache, Microsoft, and Paessler vulnerabilities.

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
CISA adds four exploited vulnerabilities to its KEV catalog, urging fixes by Feb 25, 2025, to counter active threats
February 2024 Patch Tuesday: Updates and Analysis
Microsoft has released security updates for 73 vulnerabilities, including two zero-days, for its February 2024 Patch Tuesday rollout.

Critical New Microsoft Account Takeover Bypassed Authentication
Microsoft has confirmed that Microsoft Accounts have been left with missing authentication mechanisms that could lead to a hacker takeover. Hereâs what you need to know.

Critical Windows OLE Zero-Click Vulnerability Let Attacker to Execute Arbitrary Code
A critical security flaw, identified as CVE-2025-21298, has been disclosed in Microsoftâs Windows Object Linking and Embedding (OLE) technology.Â

Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Let Attackers Gain Network Access
Microsoft has disclosed a critical vulnerability, CVE-2025-21415, impacting the Azure AI Face Service, which is classified as an Elevation of Privilege issue,
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face Service and Microsoft Accou

PoC Exploit Released for Active Directory Domain Services Privilege Escalation Vulnerability
A proof-of-concept (PoC) exploit code has been released for CVE-2025-21293, a critical Active Directory Domain Services Elevation of Privilege vulnerability.

PoC Exploit Released for Actively Exploited Windows CLFS Buffer Overflow
A proof-of-concept (PoC) exploit for the actively exploited Windows Common Log File System (CLFS) vulnerability tracked as CVE-2024-49138, has been released.

Windows CLFS Buffer Overflow Vulnerability CVE-2024-49138 - PoC Released
 A recently disclosed Windows kernel-level vulnerability, identified as CVE-2024-49138, has raised significant security concerns in the cybersecurity community.
Technical Analysis: CVE-2024-38021
In this blog Morphisec researchers provide technical analysis of CVE-2024-38021, a vulnerability impacting Microsoft Outlook.

Microsoft Windows BitLocker Vulnerability Exposes PasswordsâAct Now
Security experts have warned Windows BitLocker vulnerability could expose sensitive data in RAM, including passwordsâwhat you need to do.

Payment card NFC relay attacks spread across Russia
In other news: Hacker Pompompourin to be resentenced; a Chinese APT pulls off another supply chain attack; new cookie sandwich technique.


Zero-Click Outlook RCE Vulnerability (CVE-2025-21298), PoC Released
Microsoft issued a critical patch to address CVE-2025-21298, a zero-click Remote Code Execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE).

PoC Exploit Released For Critical Microsoft Outlook (CVE-2025-21298) Zero-Click RCE Vulnerability
A new proof-of-concept (PoC) has been released for Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298.