Tag: Microsoft

GreatXML: Technical and Defensive Analysis of a BitLocker Bypass via WinRE

1. Executive summary
GreatXML is a public proof-of-concept, released on 10 June 2026 by the researcher Nightmare Eclipse / Chaotic Eclipse / MSNightmare, claiming a BitLocker bypass. The technique abuses the Windows Recovery Environment (WinRE), the state left behind by Microsoft Defender’s Offline Scan feature, and the legitimate processing of unattended setup answer files (unattend.xml).…

RoguePlanet: a new Microsoft Defender zero-day disclosed in the wake of Patch Tuesday

Threat Intelligence · Vulnerability · June 10, 2026 · Marc-Frédéric Gomez · 6 min read
Just hours after the June 2026 fixes shipped, the researcher Nightmare Eclipse published a new exploit targeting Microsoft Defender. It works against Windows systems that are already up…

Microsoft Patch Tuesday May 2026

Patch Tuesday Analysis · May 2026
May 2026 Patch Tuesday: No Zero-Days for the First Time in 23 Months, but Three Unauthenticated 9.8 RCEs in the Queue
Microsoft fixes 118 to 138 CVEs depending on methodology, including 16 critical, with no actively exploited or publicly disclosed vulnerability. First Patch Tuesday without a zero-day since June…

MiniPlasma: Chaotic Eclipse Reopens cldflt.sys

CTI Analysis · Unpatched Windows Vulnerability
MiniPlasma: Chaotic Eclipse Reopens cldflt.sys and Revives the Question of Microsoft Patch Durability
A fifth uncoordinated public disclosure in six weeks, a PoC targeting the Windows Cloud Files Mini Filter Driver, and an extraordinary claim: the CVE-2020-17103 patch would not be present on fully patched Windows 11 and Windows…

Two Windows zero-days disclosed without coordination

CTI Analysis · Critical Vulnerability
BitLocker Is No Longer a Promise: What the YellowKey Case Reveals
Two Windows zero-days disclosed without coordination, a researcher openly challenging Microsoft, and a phantom component in the Windows Recovery Environment whose true nature, bug or backdoor, no one can yet determine.
Published May 14, 2026 · Reading time 15 minutes…

CVE-2026-40361: zero-click use-after-free vulnerability in the Outlook rendering engine (wwlib.dll)

Remote code execution via the Reading Pane, without user interaction
Executive summary
On May 12, 2026, as part of the monthly Patch Tuesday cycle, Microsoft released a fix for CVE-2026-40361, a critical use-after-free vulnerability (CWE-416) officially classified by the vendor as a “Microsoft Office Word Remote Code Execution Vulnerability” (1) (2). Researcher Haifei Li, founder…

Microsoft OOB hotpatch KB5084597 addresses three RCE vulnerabilities in RRAS MMC snap-in

On March 13, 2026, Microsoft released out-of-band update KB5084597 to remediate three remote code execution (RCE) vulnerabilities in the RRAS (Routing and Remote Access Service) MMC snap-in: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111.
Attack surface and exploitation vector
The vulnerability resides in the RRAS MMC snap-in used for remote server management. The attack vector is client-side: the…

Microsoft Patch Tuesday March 2026: 79 Vulnerabilities, Two Zero-Days, First CVE Credited to an AI Agent

Sources: Krebs on Security · BleepingComputer · Cisco Talos
Reference: Microsoft Security Update Guide, March 2026
Target audience: Windows administrators, SOC teams, CERT/CSIRT, patch management leads
Overview
On March 10, 2026, Microsoft released its monthly Patch Tuesday security updates, addressing 79 vulnerabilities across Windows, Office, SQL Server, Azure, and several third-party components. Three vulnerabilities are classified as…

January 2026 Patch Tuesday

Executive Summary
In January 2026, Microsoft’s Patch Tuesday addressed 114 vulnerabilities, including 8 Critical flaws primarily in Windows and Office. The release fixed multiple remote code execution (RCE) and elevation of privilege (EoP) bugs. Microsoft confirmed one actively exploited zero-day (CVE-2026-20805) and two publicly disclosed issues patched this month (CVE-2023-31096 and CVE-2026-21265). One publicly known…