Safeguard
Tag

windows

Safeguard articles tagged "windows" — guides, analysis, and best practices for software supply chain and application security.

20 articles

Vulnerability Analysis

PHP-CGI Argument Injection RCE on Windows (CVE-2024-4577) Explained

CVE-2024-4577 revived a decade-old PHP-CGI flaw through a Windows Unicode 'best-fit' quirk, yielding unauthenticated RCE. Here's the mechanism and the patched versions.

Jul 8, 20265 min read
Vulnerability Analysis

Follina (CVE-2022-30190) Explained: Code Execution From a Word Document With Macros Off

CVE-2022-30190, Follina, abused the Windows MSDT protocol handler so a Word document could run PowerShell — no macros, no enable-content click. Here is the ms-msdt mechanism.

Jul 4, 20265 min read
Vulnerability Analysis

PrintNightmare (CVE-2021-34527) Explained: When the Windows Print Spooler Ran Code as SYSTEM

CVE-2021-34527, PrintNightmare, let an authenticated attacker load a malicious printer driver through the Windows Print Spooler and execute code as SYSTEM — locally or across a domain.

Jul 3, 20265 min read
Vulnerabilities

Patch Tuesday June 2026: ~200 Flaws, 6 Zero-Days, and a Wormable Kernel RCE

Microsoft's June 2026 Patch Tuesday is among the largest on record — roughly 200 fixes, six zero-days including one exploited in the wild, and a top-severity Windows Kernel RCE. Here's what actually matters.

Jun 11, 20266 min read
Vulnerability Analysis

CVE-2026-41089: The Unauthenticated Netlogon RCE That Owns Your Domain Controller

CVE-2026-41089 is a CVSS 9.8 unauthenticated remote code execution flaw in Windows Netlogon: an integer overflow in MS-NRPC handshake parsing leads to a stack overflow on domain controllers, with no credentials or user interaction required.

May 14, 202612 min read
Vulnerability Management

Microsoft May 2026 Patch Tuesday: No Zero-Days, but Two CVSS 9.8 Wormable RCEs

Microsoft's May 2026 Patch Tuesday shipped without a single exploited zero-day for the first time since June 2024, but it still carried two unauthenticated CVSS 9.8 remote code execution bugs in core Windows services that every domain should treat as emergency patches.

May 13, 202613 min read
Vulnerability Analysis

CVE-2025-24071 Windows Explorer NTLM Hash Leak

A .library-ms file extracted from a zip archive can leak NTLM hashes without the user opening anything. Breakdown of CVE-2025-24071 and the defensive response.

Mar 12, 20268 min read
Product

Safeguard Desktop App 1.0 Release

The Safeguard desktop application is 1.0 on macOS, Windows, and Linux. It brings the full workflow engine, Local Runner, and offline posture reviews to developers.

Mar 6, 20267 min read
Vulnerability Analysis

CVE-2024-4577 PHP CGI Argument Injection Explained

CVE-2024-4577 is a CVSS 9.8 argument injection in PHP-CGI on Windows that bypasses CVE-2012-1823's fix. Root cause, exploitation, and remediation.

Feb 23, 20268 min read
Vulnerability Analysis

Follina and the MSDT Lesson: What CVE-2022-30190 Taught About Trusted Handlers

Follina exploited a Microsoft Support Diagnostic Tool URI handler that nobody thought about. The technical mechanics, the rapid exploitation, and the lasting defense lessons.

Feb 14, 20265 min read
Vulnerability Analysis

Windows LDAP LSASS CVE-2024-49113 (LDAPNightmare)

CVE-2024-49113 crashes LSASS over LDAP referrals and pairs with CVE-2024-49112 for RCE. Exploit chain, detection, and domain controller hardening.

Jan 25, 20267 min read
Vulnerability Analysis

Windows MSHTML Spoofing CVE-2024-43573 Explained

CVE-2024-43573 is a zero-day MSHTML spoofing flaw patched by Microsoft in October 2024. Here is the chain, detection, and why MSHTML keeps biting.

Jan 9, 20267 min read
windows — Safeguard Blog