Tag

Microsoft Defender

All articles tagged with #microsoft defender

Two Actively Exploited Defender Flaws Prompt Auto-Patch Rollout
security, 6 days ago

Microsoft warns that Defender is under active exploitation due to a privilege-escalation flaw (CVE-2026-41091) and a separate denial-of-service flaw (CVE-2026-45498). Updates are delivered automatically via Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, and systems with Defender disabled are not affected. CISA has added both flaws to its Known Exploited Vulnerabilities catalog, with a June 3, 2026 patch deadline for Federal Civilian Executive Branch agencies. The article also references older Microsoft CVEs that have been added to KEV in recent weeks.

Microsoft Defender flags DigiCert root certificates as malware, triggering trust disruptions
security, 23 days ago

Microsoft Defender's late-April signature update falsely flagged DigiCert root certificates as malware, causing removals from the Windows trust store and disruptions to secure connections; Microsoft issued emergency Defender definitions (1.449.430.0 and 1.449.431.0) to fix the issue and auto-restore the certificates. While the timing coincides with a DigiCert breach incident, Defender flagged root certificates, not EV code-signing certificates, underscoring the risk of false positives in automated threat detection and the need for layered security.

Microsoft Defender Misclassifies DigiCert Root Certificates as Malware
cyber-security, 24 days ago

Microsoft Defender’s late-April 2026 signature update wrongly flagged two DigiCert root certificates as malware (Trojan:Win32/Cerdigent.A!dha), quarantining their entries in Windows’ AuthRoot/Certificates store and risking SSL/TLS validation and code-signing for enterprise software. A corrective definition update (.430) began restoring the certificates, with automatic remediation rolling out and admins advised to verify restoration via certutil and Advanced Hunting logs. This incident underscores the risks of false positives in automated security responses targeting core Windows components.

Defender mislabels DigiCert roots as malware, prompting trust-store removals
technology, 24 days ago

Microsoft Defender’s signature update incorrectly flagged legitimate DigiCert root certificates in the Windows AuthRoot store as Trojan:Win32/Cerdigent.A!dha, leading to removals; Microsoft fixed the false positives in Security Intelligence updates 1.449.430.0 and 1.449.431.0, with automatic updates rolling out and manual checks available. The DigiCert breach is being discussed as a possible link, though the Defender flags target root certificates rather than the revoked EV code-signing certificates linked to DigiCert’s incident.

CISA Mandates Patch for BlueHammer Windows Flaw in Two Weeks
security, 1 month ago

CISA has ordered U.S. federal agencies to patch CVE-2026-33825, a Microsoft Defender privilege-escalation flaw nicknamed BlueHammer that was exploited as a zero-day before Microsoft released a fix on April 14. Agencies have two weeks (until May 7) to secure Windows systems, with CISA warning of ongoing exploitation and advising mitigations or product discontinuation if fixes aren’t available. The report also notes related flaws (RedSun, UnDefend) disclosed by Chaotic Eclipse and evidence of active intrusion including hands-on-keyboard activity and suspicious FortiGate VPN activity tied to Russia. CISA added the flaw to the Known Exploited Vulnerabilities catalog and highlighted broader risks from similar Windows zero-days.

Disgruntled researcher leaks Defender zero-days, leaving Windows users exposed
computing, 1 month ago

A disgruntled security researcher leaked three Microsoft Defender zero-days—BlueHammer, RedSun and UnDefend—exposing over a billion Windows users; BlueHammer has been patched in the April 2026 updates, while RedSun and UnDefend remain unpatched but are already being exploited in the wild. Users should install the April 2026 security updates now and monitor for future patches, with additional antivirus protection to bolster defenses.

Threat Actors Exploit Three Defender Zero-Days; Two Remain Unpatched
technology, 1 month ago

Huntress warns that three Microsoft Defender zero-days—BlueHammer, RedSun, and UnDefend—are being actively exploited to gain elevated access and disrupt definition updates. BlueHammer has a fix (CVE-2026-33825) included in Patch Tuesday, while RedSun and UnDefend remain unpatched. Exploitation has been observed since April 10–16, 2026 with hands-on-keyboard activity; affected networks have been isolated to prevent further post-exploitation.

RedSun: Defender zero-day grants SYSTEM access on Windows
cyber-security-news, 1 month ago

A newly disclosed zero-day in Microsoft Defender, dubbed RedSun, lets an unprivileged user escalate to SYSTEM on patched Windows 10/11 and Windows Server 2019+ by abusing Defender’s cloud file handling. The attack rewrites a malicious file back to a system path via cldapi.dll and oplocks, overwriting a system binary in System32 (e.g., TieringEngineService.exe) and gaining full code execution as SYSTEM. CVE-2026-33825 carries a CVSS of 7.8; there is currently no patch. Security teams should monitor Defender file-write activity to System32, look for cldapi.dll-issued redirects, and apply endpoint detection until Microsoft issues a fix.

Why You Should Ditch Third-Party Antivirus Software
technology, 1 year ago

The U.S. Department of Commerce has banned Kaspersky software, preventing it from providing updates to U.S. customers. Despite the prevalence of third-party antivirus software, built-in protections like Microsoft Defender are now highly effective, making additional paid antivirus programs largely unnecessary. Older Americans are more likely to pay for these services out of habit, but modern default protections are sufficient for most users.

Enabling Windows' Built-In Ransomware Protection
technology, 2 years ago

Ransomware is a serious threat, but Windows users can activate built-in protection through Microsoft Defender by enabling Controlled folder access and ensuring they are logged into OneDrive for automatic backups. While this may cause some inconvenience, such as blocking access to certain folders, it provides an additional layer of defense against ransomware attacks. Users can also consider upgrading their antivirus software for more comprehensive protection.

Windows SmartScreen Vulnerability Exploited to Deliver Phemedrone Malware and Information Stealer
cybersecurity, 2 years ago

A new information-stealing malware called Phemedrone is exploiting a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts and harvest data from web browsers, cryptocurrency wallets, and various software applications. The flaw, fixed during November 2023 Patch Tuesday, allows attackers to trick victims into opening malicious URL files, leading to the execution of a PowerShell loader and the theft of sensitive information. Trend Micro reports that Phemedrone targets a wide range of applications and data, and has published indicators of compromise for this campaign.

Windows 11 23H2 Update: Performance Loss, Trusty Defender, and Copilot Delay
technology, 2 years ago

Users have reported experiencing performance losses and issues with games after upgrading to Windows 11 23H2. Reddit and Microsoft forum threads highlight CPU performance degradation, random stuttering, frame drops, and texture loading issues. Resetting the Windows Security app and enabling CPU virtualization in BIOS, along with enabling Memory Integrity under Core Isolation settings, seems to resolve the performance problems for some users. Further investigation is needed to determine the root cause of these issues.

Microsoft's Defender Bounty Program: Earn up to $20,000 for Finding Bugs
technology, 2 years ago

Microsoft has launched a bug bounty program called Microsoft Defender Bounty Program, offering rewards ranging from $500 to $20,000 for identifying vulnerabilities in the Microsoft Defender security platform. The program is currently limited to Microsoft Defender for Endpoint APIs but is expected to expand to include other Defender products in the future. The highest reward is for critical severity remote code execution vulnerabilities. Microsoft paid $58.9 million in rewards to security researchers worldwide across 22 bug bounty programs.

Microsoft Defender: Enhanced Auto-Isolation and Autonomous Protection
technology, 2 years ago

Microsoft Defender for Endpoint has introduced an automatic attack disruption feature that isolates compromised user accounts to prevent lateral movement in hands-on-keyboard attacks. This capability temporarily contains suspicious identities, preventing attackers from using them to escalate privileges, move laterally, steal credentials, exfiltrate data, or encrypt data remotely. When an initial stage of a human-operated attack is detected, the feature blocks the attack on the affected device and inoculates other devices within the organization by blocking incoming malicious traffic. Since its introduction, over 6,500 devices have been protected from ransomware campaigns. Defender for Endpoint can also isolate hacked and unmanaged Windows devices, preventing lateral movement within networks.