Microsoft ecosystem exploited
Key Questions
What vulnerabilities were addressed in May 2026 Patch Tuesday?
Microsoft released fixes for 130 vulnerabilities, including 30 critical ones, covering Defender, Exchange and Windows components.
What is the YellowKey BitLocker bypass?
CVE-2026-45585 is a zero-day that allows attackers with physical access to bypass BitLocker encryption on Windows devices. A public proof-of-concept (PoC) and a Microsoft mitigation are available.
Which Microsoft Defender flaws are being actively exploited?
Two Defender CVEs (including CVE-2026-41091) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog after observed exploitation in enterprise environments.
What is the Exchange OWA zero-day CVE-2026-42897?
The flaw allows a single malicious email to hijack an entire Exchange session. It is under active exploitation with no patch yet available for some versions.
Why is urgent patching required for these Microsoft issues?
Several flaws are already being exploited in the wild and affect widely used enterprise services. CISA has set short deadlines for federal agencies.
What mitigation exists for the YellowKey vulnerability?
Microsoft published a mitigation that organizations can apply immediately while awaiting a full patch. Physical security controls are also recommended.
Are there other zero-days affecting the Microsoft ecosystem?
Yes, additional zero-days target BitLocker and privilege controls, with public proof-of-concept code released by researchers.
What is the risk level of the Exchange bug for federal agencies?
Federal agencies have only days to patch before the CISA deadline; one booby-trapped email can compromise an entire Exchange deployment.
May 2026 Patch Tuesday; Defender CVEs (CISA KEV); Exchange OWA CVE-2026-42897; new BitLocker 'YellowKey' zero-day bypass (PoC public). Urgent patching required.