Microsoft Defender
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. According to cybersecurity expert Florian Roth, the issue first appeared after Microsoft added the detections to a Defender signature update on April 30th. Today, administrators worldwide began reporting that DigiCert root certificate entries were flagged as malware and, on […]
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks. Tracked as CVE-2026-33825, this high-severity security flaw allows low-privileged local threat actors to gain SYSTEM permissions on unpatched devices by exploiting an insufficient granularity of access control weakness. Microsoft patched […]
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for “RedSun,” a second Microsoft Defender zero-day in the past two weeks, protesting how the company works with cybersecurity researchers. This exploit is for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on […]
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. According to an admin center service alert (DZ1191468) seen by GeekFeed, this outage may affect customers attempting to access or use features in the Defender portal. The issues are caused by what […]
Microsoft removing Defender Application Guard from Office
Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. The Microsoft Defender Application Guard for Office (MDAG) is designed for Windows 10 and Windows 11 Enterprise editions, protecting users’ devices by isolating untrusted Word, PowerPoint, and Excel files in a separate, Hyper-V-enabled container. […]
Microsoft Defender mistakenly flags SQL Server as end-of-life
Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. According to a service alert seen by GeekFeed, this bug has been impacting Microsoft Defender XDR customers with SQL Server 2017 and 2019 since at least Wednesday morning. While Defender flagged […]
Microsoft Defender bug triggers erroneous BIOS update alerts
Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices’ BIOS (Basic Input/Output System) firmware as outdated, prompting users to update it. In a service alert seen by GeekFeed, Redmond said that this known issue affects Dell devices and is caused by a Defender for Endpoint logic bug. “Microsoft have identified […]
Microsoft adds malicious link warnings to Teams private chats
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. Microsoft will introduce these new warnings for messages containing URLs that have been flagged as spam, phishing, or malware, for all Microsoft Defender for Office 365 (MDO) and Microsoft Teams enterprise customers. The new link […]
Microsoft Defender for Office 365 now blocks email bombing attacks
Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors against malicious threats from email messages, links, […]
New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender
A new tool called ‘Defendnot’ can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. The trick utilizes an undocumented Windows Security Center (WSC) API that antivirus software uses to tell Windows it is installed and is now managing the real-time protection for the device. When […]
