The next major Windows Server and Windows releases will have the deprecated authentication protocol disabled by default.
The post Microsoft Moves Closer to Disabling NTLM appeared first on SecurityWeek.
Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities
Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released.
The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek.
Microsoft Patches 57 Vulnerabilities, Three Zero-Days
Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.
The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.
Microsoft Silently Mitigated Exploited LNK Vulnerability
Windows now displays in the properties tab of LNK files critical information that could reveal malicious code.
The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek.
Microsoft Highlights Security Risks Introduced by New Agentic AI Feature
Without proper security controls, AI agents could perform malicious actions, such as data exfiltration and malware installation.
The post Microsoft Highlights Security Risks Introduced by New Agentic AI Feature appeared first on SecurityWeek.
Microsoft Patches Actively Exploited Windows Kernel Zero-Day
Microsoft’s latest Patch Tuesday updates address more than 60 vulnerabilities in Windows and other products.
The post Microsoft Patches Actively Exploited Windows Kernel Zero-Day appeared first on SecurityWeek.
Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks
The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware.
The post Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks appeared first on SecurityWeek.
Critical Windows Server WSUS Vulnerability Exploited in the Wild
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks
In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews.
The post Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks appeared first on SecurityWeek.
CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities
Leading to code execution, authentication bypass, and privilege escalation, the flaws were added to CISA’s KEV list.
The post CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities appeared first on SecurityWeek.
