microsoft
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems. The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after claiming […]
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and blocking a CVE from being issued. The researcher’s report describes a critical privilege escalation flaw that allowed cluster-admin access from the low-privileged “Backup Contributor” role. Microsoft disputes the claim, telling GeekFeed the behavior was expected and that “no product changes […]
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.” This behavior was disclosed on May 4 by security researcher Tom Jøran Sønstebyseter Rønning, who demonstrated that all credentials stored in the Edge built-in password manager were […]
Microsoft to automatically roll back faulty Windows drivers
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. Called Cloud-Initiated Driver Recovery, the new feature will remove the need for hardware partners or end users to manually fix driver issues once drivers have been distributed to devices. The recovery process is entirely […]
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. Microsoft describes this security flaw (CVE-2026-42897) as a spoofing vulnerability affecting up-to-date Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription […]
Microsoft fixes BitLocker recovery issue only for Windows 11 users
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. BitLocker is a Windows security feature that encrypts storage drives to protect against data theft. It also often activates recovery mode after hardware changes or TPM (Trusted Platform Module) updates, blocking […]
Microsoft fixes Windows Autopatch bug installing restricted drivers
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. According to a service alert first spotted by Microsoft MVP Susan Bradley, the issue affected only a limited number of devices running client Windows platforms (i.e., Windows 11 […]
Microsoft says some users can’t install Office on Windows 365 devices
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. Windows 365 is a cloud-based service that runs on Azure Virtual Desktop and allows enterprise customers with Windows 365 Enterprise or Windows 365 Business subscriptions to stream Windows Cloud PCs to end users. According to a service alert seen […]
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Today is Microsoft’s May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed. This Patch Tuesday addresses 17 “Critical” vulnerabilities, 14 of which are remote code execution, 2 are elevation of privilege, and 1 is an information disclosure flaw. The number of bugs in each vulnerability category is listed below: When […]
Microsoft releases Windows 10 KB5087544 extended security update
Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and […]