Eleven Vulnerable UEFI Shims Enable Secure Boot Bypass
Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
Weekly headline count for the current query.
Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine
Microsoft released fixes for a record 570 CVEs in its July Patch Tuesday update, as experts warn AI is dramatically accelerating vulnerability discovery and increasing patch volumes
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
A new multi-purpose backdoor allows cyber threat actors to conduct both quiet espionage activity and destructive wiping operations
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs
More than 60 organizations, including M&S, Microsoft UK and Vodafone, have signed the UK government's Cyber Resilience Pledge, a new initiative aimed at boosting cyber security and resilience across British businesses
Microsoft has brought forward its timelines for transitioning to post-quantum cryptography (PQC)
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Microsoft has patched 200 vulnerabilities including three zero-days
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”
The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI
Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
Microsoft has patched 120 vulnerabilities in this month’s security update round