windows security

Microsoft listed CVE-2026-34331 on May 12, 2026 as a Win32k elevation-of-privilege vulnerability in Windows, meaning a successful attacker would need some local foothold first but could potentially use the flaw to gain higher privileges on an affected system. That is not the kind of bug that...

Microsoft disclosed CVE-2026-34330 on May 12, 2026, as an Important-rated Windows Win32k elevation-of-privilege flaw in the GRFX component that can let a locally authenticated attacker gain SYSTEM privileges after exploiting an integer overflow or wraparound weakness. The advisory is not...

Microsoft disclosed CVE-2026-33839 on May 12, 2026, as an Important-rated Windows Win32k elevation-of-privilege vulnerability in the GRFX component, caused by a race condition that lets a low-privileged, locally authenticated attacker potentially gain SYSTEM privileges after installing the...

Microsoft disclosed CVE-2026-33834 on May 12, 2026 as a Windows Event Logging Service elevation-of-privilege vulnerability, meaning a successful attacker would not break in remotely from scratch but could potentially turn existing local access into more powerful Windows permissions. The...

Microsoft Azure CTO Mark Russinovich said in a Microsoft developer video posted in early May 2026 that Win32, the Windows programming interface born in the Windows 95 era, remains a first-class foundation inside Windows 11 because decades of applications and tooling still depend on it. That is...

Microsoft’s latest public reminder that Win32 remains central to Windows 11 landed in early May 2026, when Microsoft Dev Docs highlighted remarks from Azure CTO and Sysinternals creator Mark Russinovich about the decades-old API’s unexpected staying power. The uncomfortable truth is not that...

Google Chrome on Windows before version 148.0.7778.96 contains CVE-2026-7911, a high-severity use-after-free flaw in Chromium’s Aura UI layer that could let a remote attacker who already compromised the renderer attempt a sandbox escape through a crafted HTML page. That phrasing is dry, but the...

Google and the Chromium project disclosed CVE-2026-7914 on May 6, 2026, describing a high-severity Windows-only Chrome accessibility bug fixed in Chrome 148.0.7778.96 that could let an attacker escape the browser sandbox after first compromising a renderer process. That short description is...

Google and Microsoft documented CVE-2026-7966 on May 6–7, 2026, as a Chromium SiteIsolation input-validation flaw fixed in Chrome 148.0.7778.96 and Microsoft Edge 148.0.7778.xxx, allowing a renderer-compromising attacker to bypass site isolation with a crafted HTML page. The important part is...

Google published CVE-2026-7990 on May 6, 2026 for a Windows-only Chrome Updater flaw fixed in Chrome 148.0.7778.96, and NVD’s initial configuration models it as Google Chrome before that version running on Microsoft Windows. That is probably not a missing CPE so much as an awkward but defensible...

CVE-2026-8000 is a ChromeDriver input-validation flaw disclosed on May 6, 2026, affecting Google Chrome on Windows before version 148.0.7778.96 and allowing remote code execution if a user reaches a crafted HTML page. The awkward part is not merely the bug; it is the mismatch between Chromium’s...

Microsoft is preparing Windows PCs for a Secure Boot certificate rollover beginning in late June 2026, when original 2011-era certificates start expiring and unsupported Windows 10 systems outside Extended Security Updates will not receive the replacement certificates. This is not a theatrical...

ZDNET’s latest Windows Defender guidance argues that five optional protections in Windows Security—Controlled folder access, Memory integrity, Potentially unwanted app blocking, Smart App Control, and Tamper protection—deserve a second look because several are still disabled or conditional by...

Microsoft will begin escalating Windows Security warnings on May 13, 2026 for Windows 10 and May 16, 2026 for Windows 11 when PCs still lack updated Secure Boot certificates needed before the original 2011 trust certificates start expiring in June. This is not another cosmetic Windows Update...

Set Up and Customize Windows Security Account Protection Alerts in Windows 10/11 Difficulty: Beginner | Time Required: 10 minutes Windows Security does more than scan for viruses. It also keeps an eye on your account protection, which includes things like your Microsoft account sign-in status...

Microsoft made Agent 365 generally available for commercial customers on May 1, 2026, positioning it as a Microsoft 365 control plane for discovering, governing, and securing AI agents across Microsoft, SaaS, endpoint, and multicloud environments. That framing sounds tidy, but the announcement...

Microsoft’s Security Update Guide now lists CVE-2026-25645, a medium-severity flaw in Python Requests before 2.33.0 where extract_zipped_paths() can reuse predictable temporary files, allowing a local attacker to substitute malicious content under specific environmental conditions. The...

CVE-2026-7360 is a high-severity Chromium compositing flaw fixed in Google Chrome 147.0.7727.137/138 on April 28, 2026, affecting desktop Chrome before 147.0.7727.138 and allowing an attacker who already compromised the renderer process to bypass site isolation using a crafted HTML page. The...

Microsoft’s April 2026 Windows 11 quality updates are doing exactly what modern Patch Tuesdays so often do: tightening security in one area while creating friction in another. KB5083769 for Windows 11 25H2 and 24H2 introduces new Remote Desktop safeguards meant to blunt spoofing attacks tied to...

CVE-2026-34591 is a reminder that the most dangerous software supply chain bugs are not always found in operating systems, browsers, or cloud control planes. This newly disclosed Poetry wheel path traversal vulnerability affects a widely used Python dependency and packaging tool, allowing a...