Microsoft Dynamics Archives

Winsage

May 13, 2026

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

Microsoft's May 2026 security update addresses 137 vulnerabilities, with 31 classified as critical. None of these critical vulnerabilities are currently being exploited in active attacks. Sixteen of the critical vulnerabilities involve remote code execution (RCE) issues in Microsoft products, including Microsoft Office, Microsoft Word, and Azure. Specific vulnerabilities include: - CVE-2026-32161: A use-after-free vulnerability in the Windows Native WiFi Miniport Driver. - CVE-2026-40358: A use-after-free vulnerability in Microsoft Office. - CVE-2026-41089: A stack-based buffer overflow in Windows Netlogon. Additional important vulnerabilities flagged include: - CVE-2026-33835: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. - CVE-2026-33837: Windows TCP/IP Local Elevation of Privilege Vulnerability. - CVE-2026-35416: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Talos is releasing a new Snort ruleset to detect attempts to exploit these vulnerabilities, and users are advised to update their Cisco Security Firewalls and acquire the latest rule pack via Snort.org.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

February 11, 2025

Microsoft fixes 63 vulnerabilities, including 2 zero-days

Microsoft's latest Patch Tuesday update addresses 63 vulnerabilities, focusing on high-severity flaws. Two of these are zero-day vulnerabilities: CVE-2025-21391, a privilege escalation flaw in the Windows Storage system with a CVSS score of 7.1, allowing attackers to delete files; and CVE-2025-21418, a heap-based overflow vulnerability in the Windows Ancillary Function Driver for WinSock with a CVSS score of 7.8, enabling attackers to gain system privileges. Nine vulnerabilities are flagged as “more likely” to be exploited, including CVE-2025-21400, a remote-code execution flaw in Microsoft SharePoint Server, and two privilege escalation vulnerabilities in Windows CoreMessaging (CVE-2025-21184 and CVE-2025-21358). The sole critical-severity vulnerability is CVE-2025-21198, a remote-code execution flaw affecting the Linux agent in Microsoft High Performance Compute clusters, requiring network access for exploitation.

Winsage

August 13, 2024

Indian Govt Warns Businesses About Major Microsoft Security Issue: What It Says – News18

The Indian Computer Emergency Response Team (CERT-In) has raised concerns about a critical security vulnerability in Microsoft Dynamics 365, which could allow remote attackers to gain elevated privileges due to weak authentication protocols. Microsoft has been notified and issued a patch to address the vulnerability, particularly affecting the Dynamics 365 Field Service (on-premises) v7 series. Businesses using this version are urged to implement the necessary updates promptly.