Latest News

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a

**Are there additional steps I need to take to be protected from this vulnerability?** Admins should take the following steps to be protected from CVE-2026-0386: 1. Audit existing WDS usage and identify hands-free deployments. 2. Opt in for protection by configuring the registry settings described in: Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance. This will provide immediate protection. This security protection will be enabled by default in a future security update release and no additional administrator action will be required. **How is Microsoft addressing this vulnerability?** To address this vulnerability, by default the hands-free deployment feature will not be supported beginning with a security update in a future release in mid-2026. **Why is the WDS Unattended Installation feature being deprecated?** The legacy WDS workflow transmits unattend.xml over unauthenticated RPC, exposing sensitive credentials during PXE boot. This creates a securi...

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Exposure of sensitive information to an unauthorized actor in Windows Win32K - ICOMP allows an authorized attacker to disclose information locally.