Geek-Guy.com

Tag: Microsoft

AI, Exploits, Global Security News

Microsoft responds to security challenges facing code, AI agents, and models

Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabilities, and tools designed to identify potentially vulnerable or compromised AI models before deployment. MDASH targets exploitable…

Read more →

AI, Global Security News, Network Security

Microsoft Entra pushes passkeys, tightens identity security

Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and authentication updates Phishing-resistant MFA is now available on Linux desktops through the Microsoft identity broker. The…

Read more →

AI, Exploits, Global Security News, Risk Management

Microsoft Defender Vulnerability Management gets a smarter exposure score

Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is concentrated and which remediation actions are likely to have the greatest impact. The model is available in public preview. “The updated model addresses these customer pain points by combining vulnerability risk, exploitability signals,…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Windows 11 Smart App Control explained

In the ever-evolving cybersecurity landscape, Microsoft has introduced various new features in Windows 11 designed to protect users from modern workplace threats. Among such features, Smart App Control (SAC) changes how Windows devices handle, and occasionally block, unwanted or potentially malicious applications. But what exactly is Smart App Control? How does it work, who benefits…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty

Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026.  A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed several cybersecurity holes before patches were available, posted that he had tried to contact Microsoft officials…

Read more →

AI, Exploits, Global Security News, Risk Management

Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.

A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No…

Read more →

AI, Europe, Global Security News, malware, Network Security

Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem

Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption of Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) capability used by cybercriminals to make malicious files appear legitimate. On May 19, 2026,…

Read more →

AI, Global Security News

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day

Read more →

AI, Global Security News, Risk Management

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight

Microsoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first received ISO 42001 certification in March 2025. This year’s recertification recorded zero non-conformities and zero improvement observations, resulting in a second audit in a row. The certification evaluates the AI management…

Read more →

AI, Global Security News

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity SharePoint vulnerability, tracked as CVE-2026-45659 (CVSS score of 8.8), that could allow remote code execution. The flaw does not require complex conditions for exploitation, making it a…

Read more →

AI, Endpoint, Global Security News, malware, Network Security, Risk Management

Microsoft previews automatic device isolation in Defender for Endpoint

Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will…

Read more →

AI, Endpoint, Global Security News, malware, Network Security, Risk Management

Microsoft previews automatic device isolation in Defender for Endpoint

Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will…

Read more →

Exploits, Global Security News

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. “Deserialization of untrusted data in Microsoft…

Read more →

Exploits, Global Security News

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from Shareoint deserializing untrusted data, and may be exploited by an authenticated attacker to execute…

Read more →

AI, Global Security News

Microsoft Access VBA, (Mon, May 25th)

Microsoft Access files (Microsoft Office’s Database) can contain VBA code. But they are not ole or OOXML files. You can’t analyze them with oledump.py: Neither do they contain an embedded OLE file: Microsoft does not publish official documentation for the Microsoft Access file format, like it does for CFB (ole) and OOXML. That inspired me…

Read more →

AI, Data Security, Europe, Global Security News, Network Security

Microsoft Multiparty Private Offerings Available in 30 European Countries

Microsoft has continued to make investments in Microsoft Marketplace. And starting May 27, 2026, multiparty offers in Marketplace will be available across 30 European countries. Through this expansion, partners will be able to collaborate more easily on deals, simplify transactions, and scale across borders. Starting July 15, Microsoft will expand its offerings to Australia, Japan,…

Read more →

AI, Exploits, Global Security News, privacy

Google leaks details for Chromium bug that can turn browsers into bots

Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack users’ browsers for distributed denial-of-service attacks, run crypto miners, and more. The vulnerability…

Read more →

AI, Global Security News, Government & Policy, Risk Management

Microsoft, EY to spend $1 billion on helping customers buy agentic AI

Microsoft and EY will spend $1 billion on helping their customers adopt AI over the next five years. The billion will support assisting clients with pioneering AI projects and capability building, said EY’s global Microsoft alliance leader, Paul Clark. Clients will be able to access those resources based on their specific needs, he said. “We’re…

Read more →

AI, Global Security News

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware

Microsoft patches two zero-day flaws in Defender

Microsoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuable in a malware attack, first to prevent detection if the system relies only on Microsoft endpoint protection…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Risk Management

SharePoint On-Prem End of Life: 2026 Migration Guide

With Microsoft ending support for SharePoint Server 2016 and 2019 on July 14, 2026, organizations still running on-premises SharePoint face a shrinking window to modernize aging collaboration environments before security updates, bug fixes, and vendor support disappear. SharePoint 2019 On-Prem lives on, but without Microsoft support For over a decade, local SharePoint deployments have served…

Read more →

AI, Exploits, Global Security News, malware

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)

Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware Protection Engine improperly resolving links before accessing files. “An attacker who successfully exploited this vulnerability…

Read more →

AI, Exploits, Global Security News

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. “Improper link resolution before file access (‘link following’)…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…

Read more →

AI, Data Breaches, Exploits, Global Security News, Risk Management

Meet Rampart and Clarity, Microsoft’s new red team combo AI agents

On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Microsoft says it disrupted a malware-signing service that abused Azure Artifact Signing to create fraudulent certificates used in ransomware and malware attacks.  The Fox Tempest operation allegedly helped cybercriminals distribute malware disguised as trusted software to evade Windows defenses and fool users.   “Fox Tempest doesn’t directly target victims but instead provides supporting services that enable…

Read more →

AI, Global Security News, Risk Management

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Microsoft issues YellowKey mitigation, no patch yet

Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS…

Read more →

AI, Global Security News, malware, Network Security

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the…

Read more →

Exploits, Global Security News

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company has provided step-by-step mitigation advice to protect affected Windows devices from exploitation. CVE-2026-45585 and the…

Read more →

Global Security News

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred…

Read more →

AI, Apps, Europe, Global Security News, malware

Microsoft disrupts malware code-signing service used by ransomware gangs

Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated legitimate organizations to obtain more than 1,000 code-signing certificates. Microsoft seized the group’s website, signspace[.]cloud, revoked the…

Read more →

AI, china, Global Security News, Government & Policy, malware, Network Security

Microsoft dismantled malware-signing network Fox Tempest

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…

Read more →

AI, Apps, china, Exploits, Global Security News, Government & Policy, malware

Microsoft disrupts cybercrime service that abused software verification systems en masse

Microsoft seized infrastructure and disrupted a cybercrime service that created and sold more than 1,000 code-signing certificates that other cybercriminals used to make malware-riddled software appear trusted and legitimate for follow-on cyberattacks, including ransomware, the company said Tuesday. The financially-motivated threat group, which Microsoft tracks as Fox Tempest, provided the malware-signing-as-a-service to multiple ransomware groups,…

Read more →

AI, Global Security News

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain

A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found. ClickFix gives way to a new delivery method Consistent with earlier SHub versions, Reaper uses a multi-stage execution chain.…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group.…

Read more →

AI, APAC, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.  The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…

Read more →

AI, Exploits, Global Security News

CVE-2026-42897: Exchange Server OWA Spoofing Flaw Exploited via Crafted Email

Microsoft has disclosed a vulnerability impacting on-premise versions of Exchange Server that is already seeing active exploitation in the wild. Tracked as CVE-2026-42897, the issue carries a CVSS score of 8.1 and affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, while Exchange Online is not impacted. Microsoft describes it as a…

Read more →

Exploits, Global Security News, Network Security

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of Microsoft Exchange Server: Subscription Edition RTM, 2019, and 2016. Exchange Online is not…

Read more →

AI, Exploits, Global Security News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting…

Read more →

AI, Global Security News

Microsoft turns Copilot Studio into an AI agent control center

The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. Customers can identify issues such as authentication gaps or policy impacts and investigate them at the source.…

Read more →

Cybersecurity, Global Security News

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse

Read more →

AI, Global Security News

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different…

Read more →

AI, Global Security News

Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…

Read more →

AI, Global Security News

Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft’s agentic security system found four critical Windows RCE flaws

Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…

Read more →