Microsoft gives the FBI the ability to decrypt BitLocker in response to court orders: about twenty times per year.
It's possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience. While that means someone can access their data if they forget their password, or if repeated failed attempts to log in lock the device, it also makes them vulnerable to law enforcement subpoenas and warrants.
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. [...]
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. [...]
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. [...]
Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. [...]
Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. [...]
Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an "improper state." [...]
Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files.
Microsoft pushed the emergency patch for the zero-day, tracked as CVE-2026-21509, and classified it as a "Microsoft Office Security Feature Bypass Vulnerability" with a CVSS score of 7.8 out of 10.
The flaw allows attackers to bypass Object Linking and Embedding (OLE) mitigations that are designed to block unsafe COM/OLE controls inside Office documents. This means a malicious attachment could infect a PC despite built-in protections.
In a real-life scenario, an attacker creates a fake Word, Excel, or PowerPoint file containing hidden "mini-programs" or special objects. These can run code and do other things on the affected computer. Normally, Office has safety checks that would block those mini-programs because they're risky.
However, the vulnerability allows the attacker to tweak the file's structure and hidden information in a way that tricks Office into thinking the dangerous mini-program inside the document is harmless. As a result, Office skips the usual security checks and allows the hidden code to run.
Because code to test the bypass is publicly available, which increases the risk of exploitation, users are urgently advised to apply the patch.
Updating Microsoft 365 and Office
How to protect your system
What you need to do depends on which version of Office you're using.
The affected products include Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps (both 32-bit and 64-bit).
Office 2021 and later are protected via a server-side change once Office is restarted. To apply it, close all Office apps and restart them.
Office 2016 and 2019 require a manual update. Run Windows Update with the option to update other Microsoft products turned on.
If you're running build 16.0.10417.20095 or higher, no action is required. You can check your build number by opening any Office app, going to your account page, and selecting About for whichever application you have open. Make sure the build number at the top reads 16.0.10417.20095 or higher.
What always helps:
Don't open unsolicited attachments without verifying them with a trusted sender.
Treat all unexpected documents, especially those asking to "enable content" or "enable editing," as suspicious.
Keep macros disabled by default and only allow signed macros from trusted publishers.
Microsoft plans to introduce a call reporting feature in Teams by mid-March, allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. [...]
Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates. [...]
Microsoft has released emergency, out-of-band updates on Saturday for Windows 10, Windows 11, and Windows Server to fix an issue that prevented Microsoft Outlook classic from opening when using PSTs stored in cloud storage. [...]
Two malicious extensions in Microsoft's Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. [...]
Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. [...]