Microsoft News Articles

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138(link is external) Microsoft Windows Common Log File System (CLFS)...

26 minutes ago

Update Windows Now — Microsoft Confirms System Takeover Danger

Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.

5 days ago

Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage

6 days ago

First Known Zero-Click AI Exploit: Microsoft 365 Copilot's 'EchoLeak' Flaw

Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

1 week ago

‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.

1 week ago

CVE-2025-33053: RCE in WebDAV

Microsoft has fixed the CVE-2025-33053 vulnerability in Web Distributed Authoring and Versioning (WebDAV), which allowed attackers to remotely execute arbitrary code on a victim's computer.

1 week ago

Hackers exploited Windows WebDav zero-day to drop malware

An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.

1 week ago

Microsoft Patches Two New RCE Vulnerabilities: CVE-2025-47171 and CVE-2025-47176 

Morphisec Threat Labs discovers and details two severe Microsoft Outlook vulnerabilities: CVE-2025-47171 and CVE-2025-47176.

1 week ago

Microsoft fixes Windows Server auth issues caused by April updates

Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates.

1 week ago

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) - Help Net Security

For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053).

1 week ago

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Microsoft patches 67 vulnerabilities, including a WEBDAV zero-day actively exploited by Stealth Falcon. Critical for enterprise security.

1 week ago

Patch Tuesday, June 2025 Edition

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive…

1 week ago

June Patch Tuesday brings a lighter load for defenders | Computer W...

Barely 70 vulnerabilities make the cut for Microsoft's monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention.

1 week ago

Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild - All Versions Affected

Microsoft has confirmed that a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation is being actively exploited by attackers in the wild, prompting an urgent security update as part of June 2025's Patch Tuesday.

1 week ago

Microsoft tackles WebDAV zero-day in June 2025 patch update

Microsoft’s June 2025 patch fixes 67 flaws, including the first WebDAV zero-day in seven years and critical remote code execution issues across Windows and Office.

1 week ago

Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively Exploited in The Wild

A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the APT group Stealth Falcon.

2 weeks ago

Microsoft shares script to restore inetpub folder you shouldn’t delete

Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability.

2 weeks ago

Microsoft Unveils European Security Effort to Disrupt Cybercrime Networks

The flaw, patched during Microsoft’s March 2025 Patch Tuesday, was actively exploited as a zero-day in the wild

2 weeks ago

CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30400(link is external) Microsoft Windows DWM Core Library...

3 weeks ago

Windows Privilege Escalation Flaw Allows Attackers to Gain Admin Access in Under 300 Milliseconds

Security researchers have uncovered a critical vulnerability in Windows 11 that allowed attackers to escalate privileges.

Windows Is Under Attack, Microsoft Confirms — Act Now, CISA Warns

Microsoft has confirmed multiple new Windows zero-day attacks. Here's what you need to know and do, right now.

BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released

A critical vulnerability in Microsoft’s BitLocker full disk encryption, demonstrating that it can be bypassed in under five minutes using a software-only attack dubbed "Bitpixie" (CVE-2023-21563).

Outlook RCE Vulnerability Allows Attackers to Execute Arbitrary Code

Microsoft addressed a significant security flaw in its Outlook email client during the May 2025 Patch Tuesday, releasing fixes for 72 vulnerabilities.

Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild

Microsoft has disclosed two critical security vulnerabilities in the Windows CLFS Driver that are currently being exploited in the wild.

Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access.

Microsoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock.

New Microsoft Scripting Engine Vulnerability Exposes Systems to Remote Code Attacks

Critical zero-day vulnerability in Microsoft’s Scripting Engine (CVE-2025-30397) has been confirmed to enable remote code execution.

Microsoft Scripting Engine 0-Day Vulnerability Enables Remote Code Execution Over Network

Microsoft has disclosed a critical memory corruption vulnerability in its Scripting Engine (CVE-2025-30397), which allows unauthorized attackers to execute code remotely over a network.

Windows Common Log File System 0-Day Vulnerability Actively Exploited in the Wild

Microsoft has confirmed that threat actors are actively exploiting two critical vulnerabilities in the Windows Common Log File System (CLFS) driver to gain SYSTEM-level privileges on compromised systems.

Mitigate High-Risk Vulnerabilities Using TruRisk | Qualys

Mitigate high-risk vulnerabilities with TruRisk Mitigate. Implement configuration fixes and alternative solutions to protect your systems without patching.

Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability

Patched Windows zero-day vulnerability (CVE-2025-29824) in the CLFS driver was exploited in attacks linked to the Play ransomware operation.

Play Ransomware Group Used Windows Zero-Day

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

Play ransomware exploited Windows logging flaw in zero-day attacks

The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

Microsoft: April updates cause Windows Server auth issues

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.

Windows "inetpub" security fix can be abused to block future updates

A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates.

Windows 11's crucial new 'inetpub' folder is laughably easy to hack

The inetpub folder in Windows is meant to be a security measure, but attackers can block it and cause all sorts of issues due to another vulnerability.

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, enable attackers to execute arbitrary code.

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

A significant security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation. 

Alarms sound over attacks via Microsoft NTLM vulnerability

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

Alarms sound over attacks via Microsoft NTLM vulnerability

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows that exposes NTLM hashes via .library-ms files is currently being actively exploited by hackers

CISA Warns of Active Exploitation of Windows NTLM Vulnerability

CISA alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054.

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.

Fresh Windows NTLM Vulnerability Exploited in Attacks

A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.

NTLM Hash Exploit Targets Poland and Romania Days After Patch

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security

CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.

Multiple Groups Exploit NTLM Flaw in Microsoft Windows

The attacks have been going on since shortly after Microsoft patched the vulnerability in March.