Articles from 2026
Browse all Windows news articles published in 2026
CVE-2026-26113: Microsoft Office RCE Vulnerability with Local Attack Vector Explained
Microsoft's security advisory for CVE-2026-26113 describes a "Microsoft Office Remote Code Execution Vulnerability" with a CVSS vector that lists the Attack Vector (AV) as Local (L), creating...
CVE-2026-26112: Microsoft's Excel Vulnerability Classification Sparks Security Confusion
Microsoft's March 2026 security advisory for CVE-2026-26112 labels the flaw as a \"Microsoft Excel Remote Code Execution Vulnerability,\" but the accompanying CVSS vector tells a different story. The...
Microsoft Patches Critical RRAS Remote Code Execution Vulnerability CVE-2026-26111 in March 2026 Update
Microsoft's March 10, 2026 security update addresses a high-severity remote code execution vulnerability in the Windows Routing and Remote Access Service (RRAS) tracked as CVE-2026-26111. This...
Microsoft Patches SharePoint Spoofing XSS Vulnerability CVE-2026-26105 in March 2026 Security Update
Microsoft released a critical security update on March 10, 2026, addressing CVE-2026-26105, a high-severity spoofing vulnerability affecting on-premises Microsoft SharePoint Server installations....
CVE-2026-25190: Microsoft Patches Critical GDI Vulnerability in March 2026 Security Update
Microsoft's March 2026 security update includes a newly cataloged Windows Graphics Device Interface vulnerability tracked as CVE-2026-25190, a high-severity code-execution flaw that requires...
Microsoft Confirms Critical DWM Privilege Escalation Vulnerability CVE-2026-25189
Microsoft has officially documented CVE-2026-25189, a confirmed use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library that enables local privilege escalation. The...
CVE-2026-25188: Microsoft Patches Critical Telephony Service Heap Overflow Vulnerability
Microsoft's March 2026 Patch Tuesday update addresses a high-severity heap-based buffer overflow vulnerability in the Windows Telephony Service, cataloged as CVE-2026-25188. This security flaw could...
Excel CVE-2026-26144 XSS Vulnerability Enables Copilot Data Exfiltration in Zero-Click Attack
Microsoft's March 2026 Patch Tuesday addressed a critical Excel vulnerability that creates a dangerous new attack vector for AI-powered data theft. CVE-2026-26144, a cross-site scripting flaw in...
CVE-2026-25187: Critical Winlogon Privilege Escalation Vulnerability Exposes Windows Systems
Microsoft has assigned CVE-2026-25187 to a newly discovered local privilege escalation vulnerability in Winlogon, the Windows component responsible for handling secure desktop sessions and user...
Microsoft Patches ATBroker Information Disclosure Vulnerability CVE-2026-25186 in Windows Accessibility Infrastructure
Microsoft has addressed a newly cataloged information disclosure vulnerability in the Windows Accessibility Infrastructure, tracked as CVE-2026-25186, affecting the ATBroker.exe helper process. This...
CVE-2026-25185: Windows Shell Link Spoofing Vulnerability Exposes Sensitive Data
Microsoft has disclosed a critical Windows Shell Link processing vulnerability designated CVE-2026-25185 that enables network-level spoofing and information disclosure. The security flaw in how...
Patch for GDI+ flaw CVE-2026-25181 ships in Windows security update.
Microsoft has released a security update addressing CVE-2026-25181, an information disclosure vulnerability in the Windows Graphics Component (GDI+). The vulnerability, discovered through Microsoft's...