Microsoft Defender
Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
A security researcher has released a new Microsoft Defender zero-day exploit named “RoguePlanet” just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. The researcher, known as Nightmare Eclipse, says the new vulnerability affects fully patched Windows 10 and Windows 11 devices, allowing attackers to spawn a command prompt with SYSTEM privileges via […]
Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers’ attempts to move laterally across the network. This is now available in preview mode and works as part of automatic attack disruption, a feature designed to contain attacks, limit their impact, and provide security teams with more remediation time. […]
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. The first one, tracked as CVE-2026-41091, is a privilege escalation security flaw affecting Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, which provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. This flaw stems […]
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. According to cybersecurity expert Florian Roth, the issue first appeared after Microsoft added the detections to a Defender signature update on April 30th. Today, administrators worldwide began reporting that DigiCert root certificate entries were flagged as malware and, on […]
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks. Tracked as CVE-2026-33825, this high-severity security flaw allows low-privileged local threat actors to gain SYSTEM permissions on unpatched devices by exploiting a weakness classified as insufficient granularity of access control. Microsoft patched […]
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. This exploit is for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on […]
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. According to an admin center service alert (DZ1191468) seen by GeekFeed, this outage may affect customers attempting to access or use features in the Defender portal. The issues are caused by what […]
Microsoft removing Defender Application Guard from Office
Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. The Microsoft Defender Application Guard for Office (MDAG) is designed for Windows 10 and Windows 11 Enterprise editions, protecting users’ devices by isolating untrusted Word, PowerPoint, and Excel files in a separate, Hyper-V-enabled container. […]
Microsoft Defender mistakenly flags SQL Server as end-of-life
Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. According to a service alert seen by GeekFeed, this bug has been impacting Microsoft Defender XDR customers with SQL Server 2017 and 2019 since at least Wednesday morning. While Defender flagged […]
Microsoft Defender bug triggers erroneous BIOS update alerts
Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices’ BIOS (Basic Input/Output System) firmware as outdated, prompting users to update it. In a service alert seen by GeekFeed, Redmond said that this known issue affects Dell devices and is caused by a Defender for Endpoint logic bug. “Microsoft have identified […]