windows
Safeguard articles tagged "windows" — guides, analysis, and best practices for software supply chain and application security.
20 articles
PHP-CGI Argument Injection RCE on Windows (CVE-2024-4577) Explained
CVE-2024-4577 revived a decade-old PHP-CGI flaw through a Windows Unicode 'best-fit' quirk, yielding unauthenticated RCE. Here's the mechanism and the patched versions.
Follina (CVE-2022-30190) Explained: Code Execution From a Word Document With Macros Off
CVE-2022-30190, Follina, abused the Windows MSDT protocol handler so a Word document could run PowerShell — no macros, no enable-content click. Here is the ms-msdt mechanism.
PrintNightmare (CVE-2021-34527) Explained: When the Windows Print Spooler Ran Code as SYSTEM
CVE-2021-34527, PrintNightmare, let an authenticated attacker load a malicious printer driver through the Windows Print Spooler and execute code as SYSTEM — locally or across a domain.
Patch Tuesday June 2026: ~200 Flaws, 6 Zero-Days, and a Wormable Kernel RCE
Microsoft's June 2026 Patch Tuesday is among the largest on record — roughly 200 fixes, six zero-days including one exploited in the wild, and a top-severity Windows Kernel RCE. Here's what actually matters.
CVE-2026-41089: The Unauthenticated Netlogon RCE That Owns Your Domain Controller
CVE-2026-41089 is a CVSS 9.8 unauthenticated remote code execution flaw in Windows Netlogon: an integer overflow in MS-NRPC handshake parsing leads to a stack overflow on domain controllers, with no credentials or user interaction required.
Microsoft May 2026 Patch Tuesday: No Zero-Days, but Two CVSS 9.8 Wormable RCEs
Microsoft's May 2026 Patch Tuesday shipped without a single exploited zero-day for the first time since June 2024, but it still carried two unauthenticated CVSS 9.8 remote code execution bugs in core Windows services that every domain should treat as emergency patches.
CVE-2025-24071 Windows Explorer NTLM Hash Leak
A .library-ms file extracted from a zip archive can leak NTLM hashes without the user opening anything. Breakdown of CVE-2025-24071 and the defensive response.
Safeguard Desktop App 1.0 Release
The Safeguard desktop application is 1.0 on macOS, Windows, and Linux. It brings the full workflow engine, Local Runner, and offline posture reviews to developers.
CVE-2024-4577 PHP CGI Argument Injection Explained
CVE-2024-4577 is a CVSS 9.8 argument injection in PHP-CGI on Windows that bypasses CVE-2012-1823's fix. Root cause, exploitation, and remediation.
Follina and the MSDT Lesson: What CVE-2022-30190 Taught About Trusted Handlers
Follina exploited a Microsoft Support Diagnostic Tool URI handler that nobody thought about. The technical mechanics, the rapid exploitation, and the lasting defense lessons.
Windows LDAP LSASS CVE-2024-49113 (LDAPNightmare)
CVE-2024-49113 crashes LSASS over LDAP referrals and pairs with CVE-2024-49112 for RCE. Exploit chain, detection, and domain controller hardening.
Windows MSHTML Spoofing CVE-2024-43573 Explained
CVE-2024-43573 is a zero-day MSHTML spoofing flaw patched by Microsoft in October 2024. Here is the chain, detection, and why MSHTML keeps biting.