Safeguard
Tag

microsoft

Safeguard articles tagged "microsoft" — guides, analysis, and best practices for software supply chain and application security.

16 articles

Vulnerabilities

Patch Tuesday June 2026: ~200 Flaws, 6 Zero-Days, and a Wormable Kernel RCE

Microsoft's June 2026 Patch Tuesday is among the largest on record — roughly 200 fixes, six zero-days including one exploited in the wild, and a top-severity Windows Kernel RCE. Here's what actually matters.

Jun 11, 20266 min read
Vulnerability Management

Microsoft May 2026 Patch Tuesday: No Zero-Days, but Two CVSS 9.8 Wormable RCEs

Microsoft's May 2026 Patch Tuesday shipped without a single exploited zero-day for the first time since June 2024, but it still carried two unauthenticated CVSS 9.8 remote code execution bugs in core Windows services that every domain should treat as emergency patches.

May 13, 202613 min read
Threat Intelligence

Storm-0558 Microsoft Cloud Identity Aftermath

Storm-0558 forged Microsoft cloud tokens with a stolen MSA key and read government email. Three years later the architectural lessons are still unevenly applied.

Mar 11, 20267 min read
Vulnerability Analysis

CVE-2024-21413 Outlook Moniker Link Analysis

CVE-2024-21413 is a critical Outlook Moniker Link RCE that bypasses Protected View via a crafted file URL. Root cause, exploitation, and detection.

Mar 2, 20268 min read
Incident Analysis

Microsoft Midnight Blizzard Source Code Theft 2024

Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.

Feb 25, 20268 min read
Open Source Security

NuGet Package Signing Status in 2026

NuGet package signing has quietly become one of the stricter supply chain stories in mainstream ecosystems. Here is what .NET teams actually need to know.

Feb 17, 20267 min read
Vulnerability Response

CVE-2025-53770 in SharePoint (ToolShell): Patch Posture & SBOM Response

On-prem SharePoint deserialization flaw scored CVSS 9.8 and entered CISA KEV the day after public exploitation. Defender playbook below.

Jul 21, 20256 min read
AI Security

EchoLeak (CVE-2025-32711): The First Zero-Click Production LLM Exfiltration

A single crafted email could exfiltrate data from Microsoft 365 Copilot without a user click. We walk the attack chain, the patch, and the lessons for agent operators.

Jun 19, 20256 min read
Vulnerability Analysis

Microsoft Power Pages CVE-2025-24989: Privilege Escalation in Low-Code Platforms

Microsoft patched an actively exploited privilege escalation vulnerability in Power Pages, its low-code web platform. The flaw allowed unauthorized users to gain elevated access within affected sites.

Feb 19, 20256 min read
Incident Analysis

Microsoft Midnight Blizzard: Detailed Timeline

A reconstructed public timeline of Microsoft's Midnight Blizzard intrusion, from the initial password spray in November 2023 through the source code and federal agency disclosures.

Jun 25, 20247 min read
Incident Analysis

Midnight Blizzard and the Microsoft Email Breach

Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.

Jan 25, 20245 min read
Incident Analysis

Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails

In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.

Jan 19, 20247 min read
microsoft — Safeguard Blog