#microsoft
43 stories taggedmicrosoft · page 3 of 3.

Microsoft Cages the Agent: MXC, MDASH, and the Push to Govern Autonomous AI at Runtime
Microsoft is shipping a dedicated containment environment for agentic AI workloads, alongside open-source governance frameworks and expanded vulnerability-scanning capabilities — all aimed at reining in what autonomous coding agents can actually do.

Microsoft Threatened a Bug Hunter With Legal Action. Now It's Walking That Back.
A researcher dropped unpatched zero-days with working exploits. Microsoft's first response was to reach for the lawyers. That went poorly.

A Dev Flag Left Microsoft Account Tokens Exposed Across Billions of Android Installs
A single misconfigured development setting bypassed token-protection controls in Microsoft's Android apps. The blast radius was massive.

Microsoft and Researcher Nightmare Eclipse Trade Public Accusations Over Disclosure Gone Wrong
A researcher who published unpatched vulnerability details says Microsoft deleted his accounts and ruined his life. Microsoft says his drops put proof-of-concept code in criminals' hands. Neither is entirely wrong.

Gentlemen Ransomware Spreads Before It Encrypts — That's the Whole Point
Microsoft's analysis of the Go-based Gentlemen encryptor shows why lateral movement, not file-locking, is now the primary design goal of serious ransomware operations.

Microsoft's New Device Isolation in Defender: A Double-Edged Sword?
Microsoft introduces automatic device isolation in Defender for Endpoint, but potential risks loom.

Microsoft Catches Chatbots Pointing Users at Cryptojacking Sites
A campaign tracked by Microsoft Defender Experts is poisoning AI assistant answers so that download recommendations lead to miner-laden installers.

SharePoint's latest RCE bug hands attackers the keys with no extra paperwork
CVE-2026-45659 is a deserialization flaw that doesn't ask for much — and that's exactly why Microsoft is shipping fixes across every supported SharePoint Server build.

Microsoft Open-Sources Rampart and Clarity to Embed AI Agent Safety Into Dev Pipelines
Two new tools shift AI red-teaming left, targeting prompt injection and privilege escalation before code ships.

Microsoft Wires Agentic AI Into Edge for Business — With an Audit Leash Attached
A limited preview of Edge for Business introduces Copilot-driven task automation alongside Microsoft Purview controls that log, filter, and block sensitive data before it leaves the tenant.

When the Hardware Isn't There: Coaxing Vulnerable Drivers Into Range
BYOVD research keeps colliding with a stubborn problem — many kernel drivers refuse to talk unless their device is plugged in. New work shows how to make them talk anyway.

April Patch Tuesday Lands With 167 Microsoft Fixes, SharePoint Zero-Day Under Attack
BlueHammer Defender bug goes public, Adobe Reader flaw exploited since November, and Chrome ships its fourth zero-day of the year.

Microsoft Skips a Zero-Day for the First Time in Two Years. Nobody Wants to Talk About Why.
118 fixes shipped, none under active exploit, and a quiet Anthropic project keeps surfacing in vendor briefings. Microsoft, Apple and Oracle declined to discuss it on the record.