Tag: microsoft
602 articles
Microsoft Resolves Windows Driver Update Glitch Tied to Caching Issue
Microsoft fixed a glitch that caused some Windows devices to install drivers despite having auto-update policies in place, tracing the issue to a caching service misconfiguration. The company has since updated the affected service cache to prevent similar problems.
Bug Hunter Exposes Microsoft VS Code Flaw in Protest of Disclosure Handling
A bug hunter's frustrating experience with Microsoft's disclosure process sparked a protest, as Ammar Askar publicly exposed a VS Code flaw that could allow attackers to steal OAuth tokens and access GitHub repositories. Askar's proof-of-concept exploit highlights the vulnerability, which was previously mishandled by Microsoft's security response team.
Microsoft Threatens Security Researcher Over Windows Exploits
A mysterious security researcher known as "Nightmare Eclipse" has unleashed a string of powerful Windows exploits, including one that can bypass BitLocker, leaving Microsoft scrambling to respond. The bold move has sparked a tense standoff between the researcher and the tech giant.
Microsoft Softens Stance After Public Feud with 0-Day Researcher
Microsoft has backpedaled in its public feud with a 0-day researcher, easing tensions with the security community after facing criticism for its aggressive stance. The tech giant now explicitly assures that vulnerability hunters are not in its legal crosshairs.
Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover
Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.
Microsoft resolves Windows update installation issues with KB5089549 fix
Microsoft has fixed a frustrating issue with its May 2026 Windows 11 security update, KB5089549, which was failing to install on devices with low storage space on the EFI System Partition, causing a rollback error code 0x800f0922. The update can now proceed smoothly, even on devices with limited free space.
Microsoft Faces Backlash Over Zero-Day Disclosure Feud
A researcher known as Nightmare Eclipse has unleashed a series of six Windows zero-day vulnerabilities, with working exploit code for at least three, and has threatened to release another on July 14, sparking a public feud with Microsoft. The ominous warning, which has left Microsoft speaking out against uncoordinated disclosures, has security experts on high alert.
Microsoft Tests Limits of Windows Server Admins' Patience
Microsoft is pushing the patience of Windows Server administrators to the limit with a 15-character constraint that's leaving them frustrated. Is the tech giant testing the boundaries of their tolerance a bit too far?
Microsoft Opposes Public Zero-Day Disclosures, Cites Customer Risk
Microsoft is speaking out against public zero-day disclosures, warning that revealing vulnerabilities without prior notice can put customers at unnecessary risk. The tech giant is urging researchers to adopt Coordinated Vulnerability Disclosure, sharing findings with affected vendors before going public.
Microsoft Decries Uncoordinated Zero-Day Disclosures
Microsoft slammed researchers who publicly revealed six zero-day vulnerabilities without giving the company a heads-up, putting customers at unnecessary risk. The tech giant named and shamed the flaws, including privilege escalation vulnerabilities in Microsoft Defender and a security feature bypass vulnerability in Windows BitLocker.
Microsoft Releases KB5089573 Update With Performance, Reliability Upgrades
Boost your Windows 11 experience with the latest KB5089573 update, featuring significant performance and reliability upgrades, including faster app launches and smoother core shell experiences. This optional update also makes Windows Hello the default sign-in method, and is now rolling out as part of Microsoft's non-security preview schedule.
Microsoft Warns of AI-Driven Cryptojacking Campaign Targeting High-Performance GPUs
Beware of a sneaky new cryptojacking scam that's using AI chatbots to trick you into downloading malicious software - hackers are now hiding in plain sight, serving up poisoned links in chatbot responses that seem like harmless software recommendations. This cunning tactic is a game-changer for cyber threats, making it even harder to spot danger online.
Microsoft Defender Automatically Isolates Hacked Endpoints
Microsoft Defender for Endpoint just got a major boost with its new automatic isolation feature, which swiftly isolates compromised devices to prevent attackers from wreaking havoc on your organization. This cutting-edge capability is part of Microsoft's automatic attack disruption feature, designed to contain threats and give security teams more time to respond.
Microsoft Fixes SharePoint Flaw That Exposes Servers to Remote Code Execution
Microsoft just patched a high-severity flaw in SharePoint that could let hackers execute malicious code remotely - and it's crucial you update your servers ASAP to stay safe. The vulnerability, tracked as CVE-2026-45659, has a CVSS score of 8.8, making it a prime target for attackers.
Microsoft Warns of Domain Controller Lookup Failures on Windows Server 2016
If you've installed the KB5087537 update on your Windows Server 2016 system, be aware that domain controller lookup may fail if your server hostname is exactly 15 characters long. This issue affects only those with 15-character hostnames, so check yours to see if you're impacted.
Microsoft Bolsters AI Safety with RAMPART and Clarity Tools
Microsoft is taking a major leap forward in AI safety with the launch of RAMPART, an open-source tool that automates red-teaming for agentic AI applications, helping to prevent real-world attacks like prompt injection. By integrating RAMPART into its CI/CD pipelines, Microsoft is turning AI safety from a philosophy into a practical engineering discipline.
GitHub Discloses Breach from Poisoned VS Code Extension
GitHub swiftly detected and contained a security breach that originated from a tainted Visual Studio Code extension, taking immediate action to remove the malicious version and isolate the affected endpoint. The breach appears to be limited to GitHub's internal repositories, with the company rotating critical secrets and conducting a thorough investigation.
Microsoft Unveils AI-Powered Red Teaming Tools to Bolster Software Security
Microsoft is shifting the conversation around AI safety from philosophical debates to hands-on action, empowering developers to build more secure software with innovative tools. With the launch of Rampart, a cutting-edge red-teaming tool, the company is putting AI-powered security into practice, helping developers proactively identify and fix vulnerabilities.
GitHub Breach Exposes 3,800 Internal Repositories
GitHub has confirmed a significant breach, revealing that hackers made off with approximately 3,800 internal repositories after a developer fell victim to a poisoned VS Code script. Fortunately, the company assures that customer data appears to be safe, and the incident seems to be contained within GitHub's internal systems.
Microsoft Bolsters AI Security with Open-Source RAMPART and Clarity Tools
Microsoft's new open-source tools, RAMPART and Clarity, empower product managers and engineers to stress-test AI security assumptions early on, saving months of potential rework and costly mistakes. With RAMPART, developers can write and run safety tests to identify vulnerabilities in AI agents, covering both adversarial and benign threats.
Microsoft Disrupts Malware-Signing Service Used in Ransomware Attacks
Microsoft swooped in to shut down a notorious malware-signing service, seizing the website signspace.cloud and taking down hundreds of virtual machines used to fuel ransomware attacks. This bold move, dubbed OpFauxSign, crippled a key operation run by the threat actor Fox Tempest, which had been using Microsoft's own system against them since May 2025.
Microsoft Mitigates YellowKey BitLocker Bypass Exploit with New Guidance
Microsoft has stepped in to squash a newly revealed BitLocker bypass exploit, dubbed YellowKey, by releasing crucial guidance to protect users from potential attacks. This security move comes after a researcher demonstrated how the exploit could spawn a shell with unrestricted access to sensitive data.
Microsoft Discloses Mitigations for YellowKey Windows Zero-Day Vulnerability
Microsoft has issued urgent guidance to mitigate a newly publicized Windows zero-day vulnerability, dubbed YellowKey, which could allow attackers to bypass security features. The tech giant is working on a fix, but in the meantime, it's urging users to follow its interim guidance to stay protected.
Microsoft Disrupts Cybercrime Service Selling Code-Signing Certificates to Ransomware Gangs
Microsoft has disrupted a notorious cybercrime operation, dubbed Fox Tempest, that sold code-signing certificates to ransomware gangs, allowing them to disguise malware as legitimate Windows software. The operation, which created over 580 fake Microsoft accounts, has been linked to two individuals, John Doe 1 and John Doe 2, who allegedly traded in real, Microsoft-issued code-signing credentials.