
Identity Security Posture Management

The latest Identity Security Posture Management coverage — news, analysis, and updates from the WindowsNews.AI desk.

CVE-2025-33073 · NTLM Relay

Synacktiv Bypasses Windows Server 2025 Patch, Drops SYSTEM Shells via NTLM Relay

Synacktiv researchers have released a proof-of-concept that bypasses Microsoft's mitigation for CVE-2025-33073, allowing attackers to gain NT AUTHORITY\SYSTEM on patched Windows Server 2025 machines. The technique abuses NTLM relay and authentication reflection through the Print Spooler service, highlighting the persistence of legacy authentication weaknesses even in the latest Windows Server version.

Security

Urgent CISA Alert: Unpatched Modbus TCP Flaws Expose Delta DVP12SE PLCs to Remote Attacks

CISA warns that all versions of Delta Electronics DVP12SE PLCs contain two critical Modbus TCP vulnerabilities enabling remote, unauthenticated attacks. Without a firmware patch available, organizations must immediately implement strict network segmentation, access controls, and traffic monitoring to protect industrial processes. The advisory underscores the ongoing risks of insecure protocols in critical infrastructure.

Security Desk·1h ago ·5 min
Security

CISA Flags XZ Utils Flaw CVE-2025-31115 Endangering B&R Industrial Terminals, Urges Immediate Patching

CISA has republished an ABB PSIRT advisory warning that CVE-2025-31115, a high-severity vulnerability in XZ Utils, affects multiple B&R Industrial Automation terminal products. The flaw could enable arbitrary code execution or denial of service, and fixed Terminal OS releases are now available. Asset owners are urged to apply patches urgently to protect their operational technology networks.

Security Desk·1h ago ·5 min
Security

CISA Warns: StoneFly Storage Concentrator Bugs Grant Root Access and Full Data Control

CISA issued a critical advisory for multiple StoneFly Storage Concentrator vulnerabilities that allow unauthenticated root access and data theft. The flaws affect all versions before 8.0 and can be chained to fully compromise storage devices used in industrial environments. Organizations are urged to patch immediately or implement strict compensating controls to prevent exploitation.

Security Desk·2h ago ·5 min
CISA Advisory · CVE-2026-13207

CISA Issues Advisory for FUXA SCADA/HMI Authentication Bypass (CVE-2026-13207) Exposing User Roles

CISA has issued an ICS advisory for CVE-2026-13207, a critical authentication bypass in Frangoteam FUXA SCADA/HMI versions ≤1.3.1 that allows unauthenticated access to user accounts and role assignments. The vulnerability exposes OT privilege structures to reconnaissance, with a CVSS v4 score of 8.6. Patches are available in version 1.3.2, and network mitigations are recommended for delayed upgrades.

SE Security Desk·2h ago
Windows 10 · Extended Security Updates

Microsoft Extends Windows 10 Life with Paid Security Updates Until 2027 — And How to Harden Your PC

Microsoft will offer a paid Extended Security Updates program for Windows 10 consumers, extending critical patches until October 2027. This article examines the program’s costs, limitations, and enrollment process, and provides a detailed set of hardening steps for those who choose to stay on the aging OS after support ends.

SE Security Desk·2h ago
CVE-2026-8045 · XXE

Schneider Electric Patches Critical XXE Flaw in Data Center Expert – Update to 9.1.2 Now

Schneider Electric disclosed a high-severity authenticated XML External Entity (XXE) vulnerability (CVE-2026-8045) in its EcoStruxure IT Data Center Expert platform. The flaw, affecting versions 9.1.1 and earlier, could allow authenticated attackers to read sensitive files from the server. A patch is available in version 9.1.2, and users are urged to upgrade immediately.

SE Security Desk·2h ago
CISA Advisory · DCMTK Security

CISA Flags 5 Critical File-Write Flaws in OFFIS DCMTK, Urging Immediate Medical Device Updates

The U.S. Cybersecurity and Infrastructure Security Agency has issued an urgent medical advisory about five file-write vulnerabilities in OFFIS DCMTK versions up to 3.7.0, a toolkit ubiquitous in DICOM image processing across healthcare. The flaws could allow remote code execution and data tampering, demanding immediate patching and network segmentation to protect medical devices and patient data.

SE Security Desk·2h ago
Microsoft Defender For Business · SMB Endpoint Security

Microsoft Defender for Business: How SMBs Get Enterprise-Grade Endpoint Security Without the Price Tag

Microsoft Defender for Business brings enterprise-grade endpoint security—including next-gen antivirus, EDR, and vulnerability management—to SMBs with up to 300 users. Available standalone for $3/user/month or bundled with Microsoft 365 Business Premium, it simplifies advanced protection while remaining affordable. The article examines its features, pricing, competitive landscape, and real-world deployment experience.

SE Security Desk·2h ago
CVE-2026-9650 · Firmware Update

Schneider Electric Patches Credential-Stealing Vulnerability in EasyLogic T150, Saitel DP RTUs

Schneider Electric has disclosed CVE-2026-9650, a high-severity vulnerability in its EasyLogic T150 and Saitel DP RTUs that exposes stored credentials. The firmware flaw (CVSS 8.6) allows remote attackers to extract authentication data and compromise critical infrastructure systems. Patched firmware is available, and CISA has issued an alert urging immediate updates.

SE Security Desk·2h ago
Windows 365 · Context-based Redirection

Microsoft Previews Context-Driven Conditional Access for Windows 365 Cloud PC Redirections

Microsoft has launched a public preview of context-based redirections for Windows 365, enabling administrators to set dynamic conditional access rules for clipboard, USB, drive, and printer redirections on Enterprise and Flex dedicated Cloud PCs. The feature uses Entra ID authentication context to evaluate sign-in conditions before allowing data flow, tightening security for hybrid work. IT teams can now enforce granular policies that adapt to user location, device compliance, and other risk signals.

SE Security Desk·3h ago
Huntress · Identity Security Posture Management

Huntress Managed ISPM Now Generally Available, Hardening Microsoft 365 Identities for MSPs

Huntress has made Managed Identity Security Posture Management (ISPM) generally available for Microsoft 365, delivering automated hardening for Entra ID, Exchange Online, and other services. The managed service continuously scans for misconfigurations and applies best-practice security controls, helping MSPs protect their SMB clients from identity-based attacks without deep security expertise. It integrates with the Huntress security platform to combine proactive posture management with existing detection and response capabilities.

SE Security Desk·3h ago
Defender Suite · Microsoft 365 Business Premium

Microsoft Supercharges SMB Security with Defender and Purview Add-Ons for Business Premium

Microsoft has introduced premium Defender and Purview add-ons for Microsoft 365 Business Premium, giving SMBs access to advanced threat hunting, automated incident response, and compliance automation previously limited to enterprise E5 plans. The add-ons, rolled out in late 2025 and pushed aggressively through partners in 2026, close the security gap for small businesses facing escalating cyber threats and regulatory demands. Priced affordably and backed by a growing MSP ecosystem, they transform Business Premium into a comprehensive SMB security platform.

SE Security Desk·3h ago