"The more urgent of the two zero-days is a SharePoint Server spoofing flaw, tracked as CVE-2026-32201, carrying a CVSS score of 6.5. Microsoft described the issue as improper input validation that lets an unauthenticated attacker perform spoofing over a network, potentially reading sensitive information and altering disclosed data."
"The second zero-day, CVE-2026-33825, was present in Microsoft Defender and was publicly known before today's patch. The privilege escalation bug can hand an attacker full SYSTEM-level access. Security researcher Jack Bicer of Action1 told TechRepublic that once this foothold is established, 'it allows full control over endpoints, enabling data exfiltration, disabling security tools, and lateral movement across networks.'"
Microsoft's recent security update addressed 165 vulnerabilities, including two zero-days. This update is one of the largest in the company's history, raising concerns among security researchers. The first zero-day, a SharePoint Server spoofing flaw, allows unauthenticated attackers to read and alter sensitive information. The second zero-day, found in Microsoft Defender, enables privilege escalation to SYSTEM-level access. Eight critical vulnerabilities were identified, with seven related to remote code execution, highlighting the urgency of the fixes.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]