credential guard

Title: CVE-2026-21223 — What Windows admins and power users need to know about the Microsoft Edge Elevation Service VBS bypass Summary A privilege-validation bug in the Microsoft Edge Elevation Service (Chromium-based Edge) has been assigned CVE-2026-21223. The service exposes a privileged COM...

If you’ve opened Task Manager and spotted lsass.exe running, it’s not a casual background program — it’s the Local Security Authority Subsystem Service, the core Windows component that enforces authentication and security policy, and yes, it’s supposed to be there — but attackers sometimes...

Microsoft has published an advisory describing CVE-2025-48813, a Virtual Secure Mode (VSM) spoofing vulnerability that arises when a VSM key is accepted past its expiration date—allowing an authorized local attacker to spoof identities or services inside the VSM isolation boundary. The issue is...

Windows' built‑in security toolbox is larger and more capable than it has ever been, but several of its most visible safeguards can — paradoxically — reduce real‑world security when design and deployment interact with human behavior and system performance. Four features in particular — User...

Microsoft’s advisory that an improper authentication vulnerability in Windows NTLM can let an authenticated actor elevate privileges over the network is the latest warning flag in a year already crowded with NTLM-related incidents and active exploitation chains. The vendor entry the user...

Microsoft will audit and then begin enforcing a block on NTLMv1–derived credentials in Windows 11, version 24H2 and Windows Server 2025: the change is gated by a new registry key (BlockNtlmv1SSO), exposes two new NTLM event IDs for Audit vs Enforce behavior, and will be rolled out in phases...

Hotpatch-ready fleets start with one infrastructure choice: enable Virtualization‑based Security (VBS) correctly and at scale — doing so is the single most important step to ensure your Windows devices are eligible for Microsoft’s hotpatch model and to materially reduce reboot-driven downtime...

Hotpatching’s promise — apply security fixes without forcing reboots — hinges on one non‑negotiable platform capability: Virtualization‑Based Security (VBS). For organizations preparing fleets for hotpatch delivery, enabling VBS at scale is the single most important operational task, and it’s...

Microsoft’s upgrade machinery is currently offering Windows 11 24H2 to machines that, on paper, fail the company’s minimum security requirements — including systems with TPM 2.0 disabled — and multiple independent reports suggest this is happening to both consumer and enterprise devices...

Microsoft’s latest move to blunt the impact of laptop failures and cyber incidents is pragmatic, bluntly honest, and engineered to sell a comfort-level businesses didn’t know they needed: a short-term, managed Cloud PC that employees can be switched onto when their physical machines fail, are...

Microsoft has released Windows 11 Insider Preview Build 27909 to the Canary Channel, focusing on enhancing system stability and addressing several critical issues reported by users. Key Fixes and Improvements Administrator Protection An issue preventing the Xbox app from launching when...

Here is a summary of what's new and fixed in Windows 11 Insider Preview Build 27909 (Canary Channel): Changelog Highlights General: Minor general improvements and fixes for a better experience. Administrator Protection: Fixed issue preventing the Xbox app (and sometimes others) from launching...

Semperis, a leader in identity security, has recently unveiled a critical vulnerability in Windows Server 2025's delegated Managed Service Accounts (dMSAs), termed the "Golden dMSA" attack. This flaw enables attackers to bypass authentication mechanisms and generate passwords for all dMSAs and...

Semperis has unveiled a critical design flaw in Windows Server 2025's delegated Managed Service Accounts (dMSAs), termed "Golden dMSA." This vulnerability allows attackers to generate service account passwords, facilitating undetected, persistent access across Active Directory environments. The...

Windows Virtualization-Based Security (VBS) is a core pillar of modern Windows security architecture, trusted by enterprises and government organizations alike to isolate and protect sensitive system processes from compromise. However, the recent disclosure of CVE-2025-47159—a critical elevation...

In a sweeping evolution for enterprise cloud security, Microsoft has revealed a major overhaul to the default security settings of its Windows 365 Cloud PCs. The company’s June 18, 2025, announcement outlines a new security baseline that disables peripheral redirection features while activating...

Microsoft’s audacious push toward secure-by-default cloud desktops reached a new zenith with the announcement of enhanced security defaults for Windows 365 Cloud PCs. Unveiled under the auspices of the Secure Future Initiative (SFI), these changes—slated for rollout in the second half of...

Microsoft's Secure Future Initiative (SFI) is set to implement significant security enhancements across Microsoft 365 services, including Office applications, Entra, SharePoint Online, and OneDrive. Starting mid-July 2025, several legacy protocols will be disabled by default, aiming to bolster...

Microsoft is implementing significant security enhancements across its Windows 365 and Microsoft 365 platforms, aiming to bolster defenses against data exfiltration and malware threats. Starting in the latter half of 2025, newly provisioned and reprovisioned Windows 365 Cloud PCs will have...

Microsoft has recently announced significant enhancements to the default security settings of Windows 365 Cloud PCs, aiming to bolster defenses against data exfiltration and malicious exploits. These updates introduce advanced security features and modify default configurations to create a more...