Edr
The latest Edr coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Warns of Actively Targeted Excel Use-After-Free Flaw CVE-2025-54896
Microsoft has issued a critical security advisory for CVE-2025-54896, a use-after-free vulnerability in Microsoft Office Excel that could allow attackers to execute arbitrary code on Windows...
Microsoft Urges Immediate Patching for Windows Kernel Privilege-Escalation Flaw CVE-2025-54110
Microsoft has released a security update to patch a high-severity vulnerability in the Windows kernel, tracked as CVE-2025-54110, that allows a local attacker to escalate privileges to SYSTEM level....
Windows SMBv3 Vulnerability CVE-2025-54101 Could Let Attackers Remotely Execute Code
A newly disclosed vulnerability in the Windows SMBv3 client could allow attackers to take full control of unpatched systems with nothing more than a network connection. Microsoft’s advisory,...
Hyper-V PowerShell Direct Flaw Lets Attackers Impersonate Admins, Microsoft Urges Patching
Microsoft has disclosed a new elevation-of-privilege vulnerability (CVE-2025-49734) in Windows Hyper-V’s PowerShell Direct feature that lets a locally authenticated attacker with low privileges...
Only 17% of Organizations Have Technical Controls for AI Data, Survey Finds, as Third-Party Risks Spiral
A staggering 83% of organizations lack the technical controls needed to stop employees from feeding sensitive data into public AI tools, according to a new survey from Kiteworks. The 2025 report,...
Chrome's 'Managed' Warning Explained: From Security Suites to Malware, Here's How to Investigate
Few messages in Google Chrome prompt as much alarm as the stark banner declaring "Your browser is managed by your organization." For enterprise users, it's a routine sight; for home users on their...
Windows 11 Enterprise Migration Done Right: Chevron Nigeria’s 12-Week Blueprint
In just 12 weeks, Chevron Nigeria moved more than 3,000 users from Windows 10 to Windows 11, cutting deployment time by 40% compared to earlier rollouts and earning a near-universal 98% user...
Patch Now: Delta COMMGR Critical Vulnerabilities Allow Remote Code Execution via .isp Files
Delta Electronics has issued an urgent security advisory and released COMMGR version 2.10.0 to fix two high-severity vulnerabilities that could let attackers execute arbitrary code on industrial...
Mitsubishi Says No Fix Coming for MELSEC iQ-F Cleartext Credential Flaw (CVE-2025-7731)
A serious vulnerability in Mitsubishi Electric's MELSEC iQ-F series programmable logic controllers leaves credentials exposed in plaintext network traffic, and the vendor has declared it will not...
Microsoft Defender Achieves Top Lab Scores, Smart App Control Makes Paid Antivirus Optional
Microsoft Defender has quietly evolved into a security platform that outperforms many paid antivirus suites in independent lab tests—and now it packs an execution control feature called Smart App...
IIS Under Fire: 2025 Patch Avalanche, ViewState RCE, and Windows Server 2025 Pitfalls
Microsoft’s Internet Information Services (IIS) has once again taken center stage in the cybersecurity spotlight. Throughout 2025, a relentless wave of security patches, newly disclosed attack...
New Open-Source AppLockerGen Tool Promises Easier XML Policy Editing — But Beware the Pitfalls
Windows administrators and security engineers struggling with the arcane XML syntax of AppLocker policies have a new ally: AppLockerGen, an open-source Streamlit-based graphical editor that promises...