attestation

  1. Azure Linux bnxt_en CVE-2025-38439 Attestation Scope and Cross-Product Risk

    Microsoft’s statement that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate as a product‑level attestation, but it is not a categorical guarantee that no other Microsoft product can or does include the same vulnerable Linux kernel code.
  2. CVE-2025-2310: HDF5 Heap Overflow Impacts 1.14.6 and Azure Linux Attestation

    A heap‑overflow in the HDF5 library (H5MM_strndup / metadata attribute decoder), tracked as CVE‑2025‑2310 and tied to HDF5 v1.14.6, has been publicly disclosed and is known to produce reproducible crashes — and Microsoft’s initial public mapping names Azure Linux as a Microsoft product that...
  3. CVE-2025-39886: Linux BPF Timer Patch and Azure Linux Attestation

    The Linux kernel patch tracked as CVE-2025-39886 fixes a subtle BPF (eBPF) allocation and locking interaction — specifically, telling memcg to take the allow_spinning=false path in bpf_timer_init so that memcg accounting does not trigger recursive notifications while a raw spinlock or other...
  4. CVE-2025-21870: SOF IPC4 Kernel Bug and Azure Linux Attestation

    A kernel flaw in the Sound Open Firmware (SOF) IPC4 topology code — tracked as CVE-2025-21870 — can cause NULL-pointer dereferences and broken audio pipelines on affected Linux kernels, and Microsoft’s public attestation that “Azure Linux includes this open‑source library and is therefore...
  5. Azure Linux Attestation for CVE-2025-58187: Not a Microsoft Global Guarantee

    Microsoft’s public advisory for CVE‑2025‑58187 names Azure Linux as a product that “includes this open‑source library and is therefore potentially affected,” but that statement is a product‑level attestation — not a categorical guarantee that no other Microsoft product can include the same...
  6. CVE-2025-38272: Azure Linux Attestation and Microsoft Kernel Risk

    Microsoft’s brief product attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for Azure Linux, but it is not a guarantee that no other Microsoft product can include the vulnerable Linux kernel code — any Microsoft artifact that ships...
  7. CVE-2025-55554: PyTorch 2.8 Overflow, Azure Linux Attestation & Mitigation

    PyTorch 2.8.0 carries an integer‑overflow correctness bug in the torch.nan_to_num(....long code path that has been assigned CVE‑2025‑55554, and while Microsoft has publicly attested that Azure Linux includes the impacted open‑source library, that attestation is an inventory statement — not proof...
  8. Entra ID Passkey Profiles: Granular FIDO2 Controls in Public Preview

    Microsoft’s Entra ID will let administrators create multiple, group‑scoped passkey profiles — a move that shifts passkey (FIDO2) controls from a single tenant‑wide setting to a flexible, profile-based model and introduces a broader acceptance of attestation formats when Enforce attestation is...
  9. Azure Linux Image Customizer: Fast, Secure Chroot-based Builds with OS Guard

    Microsoft’s new Image Customizer for Azure Linux promises to shrink what used to be a lengthy, VM-driven image build process into a predictable, chroot-based workflow that operators can run in minutes — while integrating integrity protections such as dm-verity and code-integrity controls...
  10. Enable Trusted Launch in-Place for Azure VMs: Secure Boot and vTPM

    Microsoft has quietly made one of the most practical security upgrades for Azure virtual infrastructure far easier to adopt: Trusted Launch can now be enabled in-place for many existing VMs and scale sets, reducing the migration friction that has kept foundational boot security from reaching...
  11. OS Guard on Azure Linux: Immutable, Signed Container Hosts

    Microsoft’s recent push to harden Azure Linux with a new “OS Guard” capability marks a notable shift in how cloud providers are thinking about host-level protections for container workloads, combining run‑time immutability, code integrity checks, and mandatory access control into an opinionated...
  12. Secure Boot, TPM 2.0, and GPT: Upgrading for Modern PC Gaming

    Modern PC shooters are raising the bar: several recent AAA titles now refuse to run on Windows 10 unless Secure Boot and TPM 2.0 are enabled, forcing many players to move from legacy BIOS/MBR setups to a UEFI/GPT configuration before they can even launch the game.
  13. Azure Per-Server HSM and Open RoT with PQC Accelerators

    Microsoft’s cloud team has quietly re-architected the silicon under Azure to treat nearly every element of a server as a discrete security boundary — and it's shipping that architecture at scale across new servers this year and into 2025. What started as a collection of academic and hyperscaler...
  14. Azure Silicon-to-Systems Security: Hardware Roots, Attestation, and Supply-Chain Transparency

    Microsoft’s latest push to “harden Azure from silicon to systems” stitches together a clear thesis: security must be built into every layer of the cloud stack — starting in silicon and extending through firmware, host controllers, attestation, and immutable supply-chain evidence. The company’s...
  15. Azure Hardware Security: Host HSMs and Caliptra RoT

    Microsoft’s presentation at Hot Chips 2025 pulled back the curtain on a quiet but pivotal shift in how Azure defends the cloud: security is moving from centralized, cluster-level appliances into the silicon and server chassis themselves, with the Azure Integrated HSM and companion custom silicon...
  16. VAN9003 on Windows 11: Proven Fixes for Valorant's Vanguard Anti-Cheat

    The VAN 9003 crash that left many Valorant players staring at the message “This build of Vanguard is out of compliance with current system settings” proved to be less a single bug and more a collision of modern Windows security posture, anti‑cheat kernel drivers, and inconsistent platform...
  17. Edge Canary Tests Passkey Roaming and Passwords and Passkeys Sync

    Microsoft Edge’s Canary channel has begun surfacing experimental controls that explicitly treat passkeys as first‑class syncable credentials in the browser, adding new flags labeled Passkey roaming and Passkey roaming management and settings, and exposing a combined “Passwords and passkeys” sync...
  18. HID Unveils Crescendo Keys and EPM for Enterprise Passkeys with Entra ID

    HID is betting big on enterprise passkeys: the company has launched a refreshed line of FIDO‑certified Crescendo authenticators alongside a new Enterprise Passkey Management (EPM) service aimed at making large‑scale, phishing‑resistant sign‑ins easier to deploy and run. The August 5 announcement...