Microsoft CVD response for Windows Defender and BitLocker
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Microsoft is urging Coordinated Vulnerability Disclosure (CVD) and says it is developing security updates for Windows components including Defender and BitLocker after multiple zero-days were publicly disclosed. The response is aimed at reducing unnecessary risk for customers while Microsoft assesses impact and hardens affected systems. The company warned that releasing proof-of-concept details for unpatched vulnerabilities can create real-world consequences. The advisory posture is tied to active mitigation work and vendor coordination around the disclosed flaws.
Related Happenings
Microsoft Quantum Safe Program PQC transition
Advisory/Mitigation
H score25
First: 01.07.2026 00:20
Last: 01.07.2026 00:20
Sources 1
About this happening:
**Microsoft** is **accelerating** its **Quantum Safe Program** to move **critical products and services** to **post-quantum cryptography (PQC)** by **2029**, tightening the organi...
Microsoft Quantum Safe Program PQC transition
Advisory/MitigationAbout this happening: **Microsoft** is **accelerating** its **Quantum Safe Program** to move **critical products and services** to **post-quantum cryptography (PQC)** by **2029**, tightening the organi...
Microsoft hit by cyberattack
Incident
H score68
First: 09.06.2026 18:42
Last: 09.06.2026 18:42
Sources 1
About this happening:
A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Microsoft hit by cyberattack
IncidentAbout this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Microsoft SharePoint remote code execution (CVE-2026-45659)
Vulnerability
H score17
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
**Microsoft SharePoint** **CVE-2026-45659** is a **remote code execution** vulnerability that lets an **authenticated attacker** with **Site Member** permissions run code over the...
Microsoft SharePoint remote code execution (CVE-2026-45659)
VulnerabilityAbout this happening: **Microsoft SharePoint** **CVE-2026-45659** is a **remote code execution** vulnerability that lets an **authenticated attacker** with **Site Member** permissions run code over the...
Microsoft security patch release for CVE-2026-45659
Security Patch Release
H score23
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft security patch release for CVE-2026-45659
Security Patch ReleaseAbout this happening: Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
Vulnerability
H score39
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
How related:
Following disclosure, BlueHammer, RedSun, and UnDefend have all come under active exploitation in the wild.
About this happening:
Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
VulnerabilityHow related: Following disclosure, BlueHammer, RedSun, and UnDefend have all come under active exploitation in the wild.
About this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Timeline
-
28.05.2026 16:53 2 articles · 1mo ago
Microsoft urges Coordinated Vulnerability Disclosure after Windows zero-day disclosures
Mitigation Patch UpdateMicrosoft urged researchers to use Coordinated Vulnerability Disclosure after multiple zero-day vulnerabilities affecting Windows components including Defender and BitLocker were publicly disclosed without prior vendor coordination. The company said the disclosures put customers at unnecessary risk and that its security teams are working around the clock to understand the impact, protect customers, and develop security updates; BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), and UnDefend (CVE-2026-45498) are now under active exploitation in the wild.
Show sources
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal — thehackernews.com — 28.05.2026 16:53
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal — thehackernews.com — 28.05.2026 16:53