Find notable cyber news and cases, enriched with sources, timelines, and signals.

Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office

Trend
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft’s vulnerability volume stayed broadly stable, but critical flaws doubled year over year across Windows, Azure, Dynamics 365, and Office, increasing the likelihood of high-impact compromise even without a spike in total disclosures. The trend matters because the riskiest issues are now concentrated in privilege escalation and information disclosure flaws, which can enable stealthier access and lateral movement. For defenders, the signal is to prioritize exposure that expands attacker reach rather than relying on headline vulnerability counts alone.

Related Happenings

Microsoft CVD response for Windows Defender and BitLocker

Advisory/Mitigation
H score47 First: 28.05.2026 16:53 Last: 28.05.2026 16:53 Sources 1

About this happening: **Microsoft** is urging **Coordinated Vulnerability Disclosure (CVD)** and says it is developing **security updates** for **Windows components including Defender and BitLocker** a...

Microsoft May 2026 Patch Tuesday release

Security Patch Release
H score44 First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Latest development: 01.06.2026 15:30

Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.

CISA KEV order for BlueHammer patching

Public Sector Action
H score37 First: 23.04.2026 14:05 Last: 23.04.2026 14:05 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...

Microsoft April 2026 Patch Tuesday security update (165 CVEs)

Security Patch Release
H score62 First: 15.04.2026 00:22 Last: 15.04.2026 00:22 Sources 1

About this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...

Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)

Vulnerability
H score55 First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...

Timeline

  1. 19.05.2026 17:00 2 articles · 1mo ago

    BeyondTrust publishes Microsoft vulnerability trend findings

    Initial Disclosure

    BeyondTrust highlighted Microsoft’s 2025 vulnerability landscape, stating that Microsoft disclosed 1,273 vulnerabilities and that critical issues doubled year over year from 78 to 157. The assessment said risk was concentrated in Elevation of Privilege and Information Disclosure flaws, with sharper critical increases in Microsoft Azure and Dynamics 365, Microsoft Windows Server, and Microsoft Office, and cited CVE-2025-55241 as a critical Entra ID flaw patched in July 2025 that could let an attacker forge tokens accepted across any tenant.

    Show sources