CVE-2026-45585
Public release of a proof-of-concept for a Windows security feature bypass (YellowKey) prior to patch availability significantly elevates attack risk and requires immediate mitigation measures across all Windows servers.
Comparing 20 May 2026 with the previous day 19 May 2026.
Public release of a proof-of-concept for a Windows security feature bypass (YellowKey) prior to patch availability significantly elevates attack risk and requires immediate mitigation measures across all Windows servers.
An RCE vulnerability in Microsoft Defender threatens the integrity of the company's endpoint protection infrastructure and could allow attackers to bypass defensive mechanisms.
YellowKey BitLocker bypass enables local encryption circumvention on Windows systems and requires immediate application of Microsoft mitigations across the company's infrastructure.
The vulnerability enables local privilege escalation through improper symlink resolution in Microsoft Defender, requiring an already-authorized attacker on the system.
Webworm leverages Microsoft Graph API and Discord for command-and-control, representing a novel attack vector against Microsoft 365-enabled organizations with implications for European government and industrial targets.
BSI advisory warning of multiple Microsoft Defender and Malware Protection Engine vulnerabilities without specific CVE numbers or exploitation evidence , typical of aggregated security alert or patch announcement.
A DoS vulnerability in Microsoft Defender is primarily an availability issue for endpoint protection infrastructure requiring prompt patching, but lacks active campaign activity or geopolitical implications for the DACH region.
BSI advisory on multiple MySQL vulnerabilities without specific CVE details; if MySQL is used as a database backend for SAP Business One or Abacus ERP, patches should be prioritized.
BSI advisory covers multiple Windows/Server vulnerabilities without specific CVE numbers , typically a Patch Tuesday aggregate or summary of multiple critical Microsoft security updates as part of routine release cycle.
YellowKey represents a novel BitLocker bypass technique requiring active mitigation deployment, signaling potential exploitation risk by state-sponsored actors targeting encrypted infrastructure.
Microsoft has released mitigations for a Windows zero-day (YellowKey) with no confirmed active exploitation in the wild yet, but it poses an immediate threat to Windows Server environments.
GreenPlasma and Nightmare Eclipse are actively exploitable Windows privilege escalation vulnerabilities with publicly available PoC exploits that work on fully patched systems and enable lateral movement and credential harvesting.
No changes in this category.
No changes in this category.
Active exploitation of an unpatched Microsoft Exchange zero-day without available patch indicates coordinated nation-state or APT campaign and requires immediate mitigation measures for affected production environments.
A security vulnerability in Microsoft Authenticator allows attackers to hijack user accounts and steal sensitive data,directly relevant for organisations relying on Entra ID and MFA-based authentication like Joel Traber AG.
Fox Tempest operation exposes state-sponsored malware-signing infrastructure used to bypass security controls and deploy ransomware,critical threat to Windows-based manufacturing environments.
Storm-2949 demonstrates how attackers leverage compromised identities for lateral movement across cloud-wide systems,a critical risk for organizations dependent on Microsoft 365 and Entra ID, especially in the DACH region facing elevated APT pressure.
BSI warning on multiple Edge vulnerabilities without specific CVE numbers or patch details; update status and exploitation reality remain unclear.
The attack bypasses MFA not through technical vulnerabilities, but via social engineering of fake device-login prompts that trick users into OAuth consent, exfiltrating tokens , a paradigm shift from technical to social attack patterns.
Attackers abuse Self-Service Password Reset as an entry point into Azure environments to compromise admin accounts and exfiltrate sensitive data,a tactic particularly effective against organizations with weak multi-factor authentication controls.