privilege

Winsage
July 16, 2026
Microsoft has released its July 2026 Patch Tuesday updates, addressing 570 new security vulnerabilities, bringing the total for the month to over 620. The cumulative count of vulnerabilities patched this year has reached 1,380, exceeding the total of 1,250 for the entire year of 2020. Over 400 vulnerabilities are related to various versions of Windows, and the Windows 10 Extended Security Update program has been extended until October 12, 2027. Notable vulnerabilities include CVE-2026-56155 in Active Directory Federation Services, which allows attackers to gain administrator rights, and several critical Remote Code Execution vulnerabilities, including CVE-2026-57092 in Hyper-V and CVE-2026-56190 in Remote Desktop Protocol. Microsoft has also patched 97 vulnerabilities in Office products, with 17 classified as critical RCE vulnerabilities, and four vulnerabilities in Exchange Server, including CVE-2026-55008. The latest Microsoft Edge update addresses 27 vulnerabilities related to Chromium, and a vulnerability in Minecraft Bedrock servers has been patched.
AppWizard
July 16, 2026
Denshattack! is a cel-shaded trick-based 3D platformer developed by the indie studio Undercoders in Barcelona, Spain. The game features a protagonist named Emi Araki, a 19-year-old ramen delivery driver in Beppu, Japan, who dreams of riding the VACTRAIN, an underground train. The narrative involves Emi leaving her hometown to confront the mega-corporation Miraidō, which governs the state and operates the VACTRAIN. Players engage in gameplay inspired by classic titles, performing stunts and achieving high scores across 60 levels in eight regions. The game includes boss battles, a scoring system, and a vibrant visual style complemented by a notable soundtrack featuring guest composers. Despite some navigation challenges and minor imperfections, Denshattack! has been well-received for its engaging gameplay and artistic presentation.
Winsage
July 14, 2026
Microsoft's July Patch Tuesday update addresses 570 vulnerabilities, including three critical zero-days. The vulnerabilities include 254 elevation-of-privilege flaws, 17 security feature bypasses, 145 remote-code-execution issues, 102 information disclosures, 16 spoofing vulnerabilities, and 35 denial-of-service vulnerabilities. Among these, 59 bugs are classified as "critical." The three zero-days patched are CVE-2026-56155 (elevation of privilege in Active Directory Federation Services), CVE-2026-56164 (elevation of privilege in Microsoft SharePoint Server), and CVE-2026-50661 (security bypass in Windows BitLocker). The update is recommended to be installed as soon as possible, and users can check for updates through the Windows Update settings.
Winsage
July 14, 2026
Microsoft's July 2026 security update addresses 622 vulnerabilities, with 57 classified as "critical." Two critical vulnerabilities, CVE-2026-56155 (Active Directory Federation Services) and CVE-2026-56164 (Microsoft SharePoint Server), have been exploited in the wild. The critical vulnerabilities include 48 remote code execution (RCE) vulnerabilities, seven elevation of privilege (EoP) vulnerabilities, one spoofing vulnerability, and one security feature bypass vulnerability. RCE vulnerabilities affect various Microsoft services, including Windows Media, Microsoft Office, and SQL Server, with eleven rated as "more likely" to be exploited. Additional important vulnerabilities include CVE-2026-49170, CVE-2026-49795, and CVE-2026-50325. Talos is releasing a new Snort ruleset to detect these vulnerabilities, and Cisco Security Firewall customers are advised to update their ruleset.
Winsage
July 14, 2026
Microsoft released its July 2026 Patch Tuesday cumulative updates for Windows 11, addressing numerous security vulnerabilities and enhancing Secure Boot functionalities. The updates include: - KB5101650 for Windows 11 25H2 and 24H2, updating systems to builds 26200.8875 and 26100.8875. - KB5101649 for Windows 11 26H1, updating devices to build 28000.2525. The release addresses a total of 622 Microsoft Common Vulnerabilities and Exposures (CVEs), including: - 416 vulnerabilities in Windows. - Fixes for Microsoft Office, Edge, Exchange Server, SharePoint Server, SQL Server, Defender, and Azure services. Key vulnerabilities fixed include: - CVE-2026-50661: A BitLocker Security Feature Bypass vulnerability. - CVE-2026-56155: An AD FS Elevation of Privilege vulnerability that has been exploited. - CVE-2026-56164: A SharePoint Server Elevation of Privilege vulnerability. The updates also introduce new Secure Boot certificates, rectify issues from previous patches affecting third-party applications, and incorporate curl 8.21.0 for security improvements. Users are advised to back up data before installation, which requires a system reboot.
Winsage
June 30, 2026
Chaotic Eclipse, also known as Nightmare-Eclipse, bypassed Windows 11's BitLocker security using a USB stick and claimed Microsoft left a backdoor in the system. Following this, Microsoft patched three zero-day exploits named YellowKey, GreenPlasma, and MiniPlasma. Nightmare-Eclipse then revealed another zero-day vulnerability called RoguePlanet, which affects Microsoft Defender on Windows 10 and 11, potentially allowing attackers full control over compromised systems. Microsoft is tracking this vulnerability as CVE-2026-50656 and is working on a security update. Nightmare-Eclipse provided a proof-of-concept exploit and described it as a race condition with variable success rates. Microsoft has promoted Windows Defender as adequate for most users but acknowledged that third-party tools can offer additional protection. The company initially threatened legal action against Nightmare-Eclipse but later decided not to pursue lawsuits against researchers sharing their findings.
Search