Windows Server Security
The latest Windows Server Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Fixes Critical 9.8-Rated DHCP Bug—Apply the July 2026 Update Now
Microsoft released its July 2026 security updates on Tuesday, and among them is a fix for a critical remote-code-execution vulnerability in the Windows DHCP Server service. Rated 9.8 out of 10 on the...
July Windows Updates Shut Down XSS Vulnerability in AD FS That Could Aid Identity Spoofing
Microsoft’s July 14, 2026 cumulative security updates fix a cross-site scripting flaw in Active Directory Federation Services that could let an already-privileged attacker spoof web content...
Microsoft Patches AD FS Infinite Loop Vulnerability That Could Disable Enterprise Sign-Ons
On July 14, 2026, Microsoft’s monthly security updates included a patch for a vulnerability in Active Directory Federation Services (AD FS) that could let an unauthenticated attacker trigger an...
A Single Unpatched AD FS Server Can Crash Your Sign-Ins: Patch the July 14 DoS Flaw Now
Microsoft’s July 14, 2026 security updates fix a bug that lets an unauthenticated attacker crash an Active Directory Federation Services (AD FS) server over the network—and brings down...
Active Directory Denial-of-Service Flaw Emerges: How to Prepare Before Patches Arrive
On July 14, 2026, at 7:00 a.m. Pacific time, Microsoft published CVE-2026-57976, a security vulnerability it describes as "Windows Active Directory Domain Services Denial of Service Vulnerability."...
Microsoft Ships AD FS Fix, But Automatic Remediation Is Months Away — Here’s How to Secure Your Keys Now
Microsoft shipped a security fix on July 14, 2026, for a dangerous elevation-of-privilege flaw in Active Directory Federation Services (AD FS) that attackers are already exploiting. But any...
Microsoft’s July Update Closes Hyper-V Privilege Flaw: Immediate Actions for Server Admins
Microsoft addressed a confirmed elevation-of-privilege vulnerability in Windows Hyper-V as part of its July 14, 2026 Patch Tuesday release, urging administrators of all Hyper-V hosts to apply the fix...
Two Joomla Extensions Under Active Attack: CISA Orders Agencies to Patch File-Upload Flaws
The U.S. Cybersecurity and Infrastructure Security Agency added two file-upload vulnerabilities in widely used Joomla extensions to its Known Exploited Vulnerabilities Catalog on March 26, 2025,...
RedCastle V6.0 Earns EAL4 Certification, Bolstering Windows Server 2025 Security for Government Deployments
On June 24, 2026, SGA Solutions announced that its RedCastle V6.0 server security product had achieved Common Criteria Evaluation Assurance Level 4 (EAL4) for Windows Server 2025 R3. The...
Tanium secures FedRAMP authorization, launches autonomous Windows remediation in Japan
Tanium’s week of June 10, 2026, marked a decisive acceleration of its Autonomous IT vision, as the company simultaneously deepened its footprint in Asia, teased major conference reveals, and nabbed...
Patch CVE-2026-41089: Prioritize Internet-Facing Domain Controllers First
Microsoft’s May 2026 Patch Tuesday brought a stark reminder that network topology matters as much as patch speed. Among the 60+ vulnerabilities fixed this month, CVE-2026-41089 stands out—a...
ReliaQuest Exposes OP-512: Chinese Hackers Use Modular IIS Web Shells to Steal Credentials
A sophisticated three-part web shell framework, linked to Chinese threat actors and tracked as OP-512, is actively compromising Internet Information Services (IIS) servers, according to research...