Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft Entra is adding passkey support on Windows devices, bringing phishing-resistant passwordless authentication via Windows Hello. The rollout reaches public preview for worldwide tenants from mid-March through late April 2026, with GCC/GCC High/DoD environments following in mid-April through mid-May. The change extends passwordless sign-in to unmanaged Windows devices, reducing reliance on passwords and limiting phishing and malware-based credential theft.
Related Happenings
Microsoft extends Windows 10 ESU consumer coverage through October 2027
Security Tool/Service
H score11
First: 25.06.2026 21:29
Last: 25.06.2026 21:29
Sources 1
About this happening:
**Microsoft** quietly extended the **Windows 10 Extended Security Updates (ESU)** program for **personal devices** by **one additional year**, keeping critical security update cov...
Microsoft extends Windows 10 ESU consumer coverage through October 2027
Security Tool/ServiceAbout this happening: **Microsoft** quietly extended the **Windows 10 Extended Security Updates (ESU)** program for **personal devices** by **one additional year**, keeping critical security update cov...
Windows cldflt.sys privilege escalation (CVE-2020-17103)
Vulnerability
H score28
First: 18.05.2026 01:30
Last: 18.05.2026 01:30
Sources 1
About this happening:
A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Windows cldflt.sys privilege escalation (CVE-2020-17103)
VulnerabilityAbout this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/Service
H score10
First: 15.05.2026 17:49
Last: 15.05.2026 17:49
Sources 1
About this happening:
**Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/ServiceAbout this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
H score7
First: 14.05.2026 10:27
Last: 14.05.2026 10:27
Sources 1
About this happening:
**YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that affects the **Windows Recovery Environment (WinRE)** path and can expose **BitL...
Windows 11 BitLocker bypass YellowKey security flaw
VulnerabilityAbout this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that affects the **Windows Recovery Environment (WinRE)** path and can expose **BitL...
Latest development: 20.05.2026 10:31
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
Microsoft May 2026 Patch Tuesday release
Security Patch Release
H score44
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Latest development: 01.06.2026 15:30
Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.
Timeline
-
10.03.2026 17:27 3 articles · 4mo ago
Microsoft announces Entra passkeys for Windows public preview
Initial DisclosureMicrosoft announced passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless sign-in via Windows Hello. The opt-in update will enter public preview for worldwide tenants from mid-March through late April 2026, with GCC, GCC High, and DoD environments following from mid-April through mid-May 2026. The feature extends passwordless authentication to unmanaged Windows devices and uses device-bound passkeys stored in the Windows Hello container with face, fingerprint, or PIN sign-in methods.
Show sources
- Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys — www.bleepingcomputer.com — 10.03.2026 17:27
- Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys — www.bleepingcomputer.com — 10.03.2026 17:27
- Microsoft to roll out Entra passkeys on Windows in late April — www.bleepingcomputer.com — 24.04.2026 21:13