microsoft
Safeguard articles tagged "microsoft" — guides, analysis, and best practices for software supply chain and application security.
16 articles
Patch Tuesday June 2026: ~200 Flaws, 6 Zero-Days, and a Wormable Kernel RCE
Microsoft's June 2026 Patch Tuesday is among the largest on record — roughly 200 fixes, six zero-days including one exploited in the wild, and a top-severity Windows Kernel RCE. Here's what actually matters.
Microsoft May 2026 Patch Tuesday: No Zero-Days, but Two CVSS 9.8 Wormable RCEs
Microsoft's May 2026 Patch Tuesday shipped without a single exploited zero-day for the first time since June 2024, but it still carried two unauthenticated CVSS 9.8 remote code execution bugs in core Windows services that every domain should treat as emergency patches.
Storm-0558 Microsoft Cloud Identity Aftermath
Storm-0558 forged Microsoft cloud tokens with a stolen MSA key and read government email. Three years later the architectural lessons are still unevenly applied.
CVE-2024-21413 Outlook Moniker Link Analysis
CVE-2024-21413 is a critical Outlook Moniker Link RCE that bypasses Protected View via a crafted file URL. Root cause, exploitation, and detection.
Microsoft Midnight Blizzard Source Code Theft 2024
Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.
NuGet Package Signing Status in 2026
NuGet package signing has quietly become one of the stricter supply chain stories in mainstream ecosystems. Here is what .NET teams actually need to know.
CVE-2025-53770 in SharePoint (ToolShell): Patch Posture & SBOM Response
On-prem SharePoint deserialization flaw scored CVSS 9.8 and entered CISA KEV the day after public exploitation. Defender playbook below.
EchoLeak (CVE-2025-32711): The First Zero-Click Production LLM Exfiltration
A single crafted email could exfiltrate data from Microsoft 365 Copilot without a user click. We walk the attack chain, the patch, and the lessons for agent operators.
Microsoft Power Pages CVE-2025-24989: Privilege Escalation in Low-Code Platforms
Microsoft patched an actively exploited privilege escalation vulnerability in Power Pages, its low-code web platform. The flaw allowed unauthorized users to gain elevated access within affected sites.
Microsoft Midnight Blizzard: Detailed Timeline
A reconstructed public timeline of Microsoft's Midnight Blizzard intrusion, from the initial password spray in November 2023 through the source code and federal agency disclosures.
Midnight Blizzard and the Microsoft Email Breach
Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.
Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails
In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.