Microsoft Security
The latest Microsoft Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Drops a Sparse Windows Admin Center Spoofing Advisory—Here’s What to Do Now
On July 16, 2026, Microsoft published CVE-2026-58643, a spoofing vulnerability in Windows Admin Center—but the advisory is strikingly thin on details. The official entry provides no affected...
622 Fixes in Microsoft’s July Patch Tuesday, But Two Critical Exploits Require Immediate Action
Microsoft released its largest-ever Patch Tuesday on July 14, 2026, with a staggering 622 security fixes—more than tripling the previous record. But IT teams should ignore the big number and zero...
CVE-2026-47305: Visual Studio Remote Code Execution Threat Demands Immediate Update
Microsoft’s July 14 security update for Visual Studio closes a remote code execution flaw that lets attackers run arbitrary code on a developer’s machine if they can convince the user to open a...
Critical Windows Admin Center Flaw Exposed Servers to Takeover — Update Now
Microsoft released an emergency security update for Windows Admin Center on July 14, 2026, fixing a vulnerability that could let attackers execute malicious code on servers through the management...
Windows Admin Center 2.7.4 Closes Critical RCE Hole: Here’s Your Urgent Patch Checklist
Microsoft has shipped Windows Admin Center build 2.7.4 to shut down CVE-2026-56196, a remote code execution vulnerability that lets an authenticated attacker compromise the management tool and...
Microsoft Patches MSXML Flaw That Could Let Attackers Seize Admin Control on Windows
Microsoft shipped a fix on July 14, 2026 for CVE-2026-50359, a high-severity vulnerability in Microsoft XML Core Services that allows a locally authenticated attacker to escalate privileges on...
Microsoft’s July Update Resolves Recycle Bin’s Alarming $R Filename Glitch
If you permanently deleted a file from the Recycle Bin last month and saw a prompt asking to confirm deletion of something like “$R7A3B2C.doc” instead of your actual document name, you weren’t...
July SharePoint Patches Close Critical Auth Bypass; August Will Bring More
On July 14, 2026, Microsoft pushed out security updates that fix CVE-2026-55040, a critical authentication-bypass vulnerability in on‑premises SharePoint Server. The flaw, rated CVSS 9.1, lets a...
Microsoft Patches Excel Remote Code Flaw CVE-2026-55137—Here’s What You Need to Do Now
On July 14, 2026, Microsoft shipped security updates that close a heap-based buffer overflow in Excel that lets attackers hijack computers through booby-trapped spreadsheets. The vulnerability,...
Microsoft Patches Office and SharePoint Flaw That Could Leak Confidential Data via Local Attack
Microsoft’s July 14, 2026 security release patches an information-disclosure vulnerability that affects Microsoft 365 Apps, every supported perpetual Office release, Office for Mac, and on-premises...
Microsoft Warns of Azure AD Infinite-Loop Flaw Triggered by Unauthenticated Attackers
Microsoft disclosed CVE-2026-50653 on July 14, 2026, an “Important” denial-of-service vulnerability in Azure Active Directory components that anyone can trigger remotely – no account, password,...
Power BI Report Server's XSS Fix Requires a Specific Build—Your Last Update May Not Be Enough
Microsoft has patched an important-rated cross-site scripting vulnerability in Power BI Report Server that could allow an authenticated attacker to inject malicious scripts into the portal. The fix...