microsoft

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

A newly disclosed, unpatched vulnerability in the Windows Search URI handler allows attackers to steal users' NTLMv2 hashes by inducing them to click specially crafted links that connect to malicious SMB servers. This issue, similar to a previously patched flaw in the Windows Snipping Tool, poses risks of relay attacks and deeper network access, but Microsoft has declined to issue a fix, recommending mitigations like blocking outbound SMB traffic and disabling NTLM where possible.

https://thehackernews.com/2026/06/unpatched-windows-search-uri.html

Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users

A critical vulnerability called FlagLeft was discovered in six major Microsoft 365 Android apps, where a debug flag left enabled in production allowed any app on the device to silently obtain valid Microsoft account tokens without user consent. This flaw exposed billions of users to account takeover risks, enabling attackers to access emails, files, and calendar data under the victim's identity; Microsoft has since patched the issue and urged users to update affected apps immediately.

https://cybersecuritynews.com/microsoft-365-android-apps-account-takeover-vulnerability/

Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy

Microsoft has clarified that it does not intend to take legal action against security researchers conducting good-faith vulnerability research, following backlash from the community over its response to a researcher known as Nightmare Eclipse who publicly disclosed multiple unpatched Windows zero-day exploits. The company emphasized that legal escalation would target only those engaged in malicious activities causing harm, reaffirmed its commitment to coordinated vulnerability disclosure, and pledged improved communication and transparency with researchers.

https://cybersecuritynews.com/microsoft-clarifies-nightmare-eclipse-controversy/

Microsoft Copilot Cowork Exfiltrates Files

Microsoft Copilot Cowork in Microsoft 365 is vulnerable to file exfiltration attacks via indirect prompt injection, exploiting the fact that sending emails and Teams messages to the active user occurs without manual approval. Attackers can use poisoned skills to cause Copilot Cowork to send messages containing pre-authenticated download links to sensitive files, which are exfiltrated when the user opens the messages, posing a significant security risk that can be mitigated by restricting permissions and file downloads in SharePoint.

https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft disclosed two actively exploited vulnerabilities in Defender, CVE-2026-41091 and CVE-2026-45498, which have been patched in the latest versions of Defender. The vulnerabilities, which overlap with previously disclosed zero-days, enable privilege escalation and denial-of-service attacks. Microsoft also addressed a heap-based buffer overflow vulnerability (CVE-2026-45584) in the same update.

https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft has released a mitigation for the YellowKey vulnerability (CVE-2026-45585), a BitLocker security feature bypass that allows attackers with physical access to circumvent device encryption on affected Windows 11 and Windows Server versions. The exploit uses specially crafted files to spawn an unrestricted shell during recovery mode, granting full access to encrypted data, and Microsoft recommends updating WinRE images and switching from TPM-only to TPM+PIN protection to prevent exploitation.

https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html

Windows Zero-Day Barrage Continues After Patch Tuesday

Security researcher “Nightmare Eclipse” has disclosed six Windows zero-day vulnerabilities over the past six weeks, including new flaws named YellowKey, GreenPlasma, and MiniPlasma, following Microsoft's May 2026 Patch Tuesday. These vulnerabilities enable severe attacks such as bypassing BitLocker encryption, privilege escalation, and disabling Microsoft Defender, with some already actively exploited, highlighting significant ongoing security challenges for Windows users despite patches.

https://www.darkreading.com/cyberattacks-data-breaches/windows-zero-day-barrage-continues-after-patch-tuesday

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft disclosed a zero-day vulnerability (CVE-2026-42897) in Exchange Outlook Web Access (OWA) that is actively being exploited and stems from a cross-site scripting (XSS) flaw allowing attackers to compromise mailboxes and execute spoofing attacks. While no patch is yet available, Microsoft recommends enabling the Exchange Emergency Mitigation Service or applying an updated mitigation tool to reduce risk until a security update is released.

https://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced MDASH, a multi-model AI-driven system designed to autonomously discover, validate, and prove exploitable vulnerabilities in complex codebases like Windows. Tested in a private preview, MDASH identified 16 flaws fixed in the latest Patch Tuesday, including critical remote code execution vulnerabilities in Windows networking and authentication components. This system represents a production-grade advancement in AI vulnerability discovery by orchestrating over 100 specialized AI agents to enhance security at enterprise scale.

https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft released patches addressing 138 security vulnerabilities across its product portfolio, including critical remote code execution flaws in Windows DNS and Netlogon components. These fixes, part of the May 2026 Patch Tuesday, also involve privilege escalation, information disclosure, and spoofing issues, with several vulnerabilities identified through Microsoft's new AI-driven discovery system, highlighting the growing role of AI in vulnerability detection.

https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html

Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming

An anonymous researcher known as Nightmare-Eclipse has released two new Microsoft Windows zero-day vulnerabilities—YellowKey, a BitLocker bypass allowing unrestricted access to encrypted machines via USB, and GreenPlasma, a privilege escalation flaw granting SYSTEM access. Security experts warn these exploits pose serious risks, especially for stolen devices and post-compromise attacks, with no known mitigation currently available for GreenPlasma; this continues an ongoing series of damaging disclosures by the researcher following a claimed breach of trust with Microsoft.

https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758

Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks

A newly disclosed vulnerability (CVE-2026-32185) in Microsoft Teams for Android allows local attackers to perform spoofing attacks by exploiting improper file and directory access controls, potentially deceiving users into trusting malicious content. Although exploitation requires user interaction and is limited to local environments, the flaw poses a high impact on data confidentiality; Microsoft has released a patch urging users to update immediately to mitigate risks.

https://cybersecuritynews.com/microsoft-teams-vulnerability-spoofing/

New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes

A new tool called BitUnlocker exploits a vulnerability in Windows 11's BitLocker encryption, allowing attackers with physical access to decrypt protected volumes in under five minutes by using a downgrade attack on the boot manager. The attack leverages an unrevoked legacy signing certificate, enabling a pre-patch vulnerable boot manager to pass Secure Boot validation, but Microsoft mitigations like enabling TPM+PIN authentication and deploying update KB5025885 can protect systems against this exploit.

https://cybersecuritynews.com/bitunlocker-downgrade-attack-on-windows-11/

Critical Microsoft 365 Copilot Vulnerabilities Expose Sensitive Information

Microsoft disclosed and fully mitigated three critical information disclosure vulnerabilities in Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, all classified with high confidentiality risks and affecting enterprise data access. These cloud-side flaws, discovered by Microsoft and an independent researcher, required no action from users or administrators as fixes were applied server-side, but organizations are advised to enforce least-privilege access to limit potential exposure of sensitive corporate information.

https://cybersecuritynews.com/microsoft-365-copilot-vulnerabilities-data/

Microsoft Edge Stores Passwords in Process Memory, Posing Risk

Security researcher Tom Jøran Sønstebyseter Rønning revealed that Microsoft Edge stores all saved passwords in cleartext in process memory, even when sites are not actively visited, allowing anyone with administrative privileges to extract these passwords and potentially escalate attacks within corporate environments. Microsoft considers this behavior “by design,” citing trade-offs between performance, usability, and security, but experts warn it poses significant risks, especially in shared or virtualized settings, and recommend organizations limit reliance on browsers for password storage and enforce strict access controls.

https://www.darkreading.com/cyber-risk/microsoft-edge-passwords-enterprise-risk

Scroll to Top