Security Detection Report
The latest Security Detection Report coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Teams Admin Center to Get Unified Security Detection Report for Impersonation and Malicious Links
Microsoft is set to introduce a Security Detection Report in the Teams admin center in August 2026, offering a unified view of impersonation, malicious URLs, and file-based threats detected in Teams messages. The report centralizes data from Microsoft Defender for Office 365, enabling admins to quickly investigate and remediate security incidents without switching between portals. It marks a significant step in securing enterprise collaboration platforms against modern attacks.
Microsoft Details Secure Boot Certificate Block That Could Erode Windows Security
Microsoft's KB5105943 explains why some Windows 10, 11, and Server devices are blocked from receiving updated Secure Boot certificates. The block maintains bootability but gradually erodes security by leaving systems with outdated trust anchors. Remediation requires OEM firmware updates or, in some cases, hardware replacement.
Microsoft Extends Hotpatch Support for Windows Server 2022 Azure Edition to 2027, Cutting Reboots
Microsoft has extended hotpatch support for Windows Server 2022 Datacenter: Azure Edition through October 2027, allowing Azure VMs to receive monthly security updates without rebooting. This reduces downtime and simplifies patch management for enterprise workloads. The extension ensures continued security compliance with minimal disruption.
CISA Urges Immediate Patching as SimpleHelp OIDC Auth Bypass Exploited in Attacks
CISA added CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw allows attackers to gain administrative access to remote support servers, posing a severe supply-chain risk. Organizations must patch immediately and audit OIDC configurations.
Microsoft Plans to Make Sysmon a Native Windows 11 Security Tool by 2026
Microsoft is reportedly integrating the Sysmon system-monitoring tool directly into Windows 11 as an optional built‑in feature, expected in a 2026 update. This move promises to bring advanced forensic logging to every user, simplifying deployment and boosting endpoint visibility without the need for separate installation and configuration. The integration would bridge the gap between security teams and IT operations while maintaining compatibility with existing Sysmon configurations and community‑driven rulesets.
Microsoft Adds Another Year to Windows 10 Consumer Security Patches, Pushing Deadline to 2027
Microsoft has extended its consumer Windows 10 Extended Security Updates program by an extra year, now lasting until October 2027. The move gives millions of users with incompatible hardware a longer safety net, potentially slowing Windows 11 adoption. Paid annual subscriptions will keep security patches flowing after Windows 10's retirement in October 2025.
Windows 11 Runs on DDR1 RAM and AGP Graphics: The Hack That Defies Microsoft’s Hardware Floor
An enthusiast managed to install Windows 11 on a 2004 ASRock motherboard with DDR1 memory and an AGP graphics card after modifying GPU drivers and bypassing CPU/TPM checks. The hack rekindles the debate over Microsoft's strict hardware requirements, pitting the need for security against the lifespan of older but still functional PCs.
Riot Vanguard No Longer Auto-Starts With Windows — Kernel Anti-Cheat Goes On-Demand
Riot Games has started rolling out Vanguard On-Demand, a major update to its kernel-level anti-cheat system that stops the driver from loading at boot and instead activates only when a protected game launches. The feature requires Secure Boot and TPM 2.0, effectively pushing users toward Windows 11, and is live first for League of Legends with Valorant to follow later. The change improves boot times, reduces system resource usage, and addresses long-standing privacy concerns while maintaining robust cheat detection.
South Africa's SITA Issues 5-Year Tender for SD-WAN and Wireless Networks, Putting Windows Security and POPIA in Focus
South Africa's SITA has issued a five-year transversal networking tender covering LAN, wireless, WAN, and SD-WAN, raising critical implications for Windows network administration, POPIA data masking compliance, and security risks. The contract demands zero-trust integration with Windows Server and Active Directory, rigorous data protection measures, and governance frameworks that will challenge legacy government IT systems.
WSL 2.7.10 Ships with Critical TOCTOU Fix for SYSTEM Token Impersonation in VHD Restore
Microsoft released WSL 2.7.10 on June 26, 2026, fixing a TOCTOU vulnerability that allowed SYSTEM token impersonation via path re-resolution during VHD restore. The update hardens the restore process to prevent race condition attacks, and users are urged to apply it immediately.
Microsoft Purges 119 Edge Extensions in StegoAd Takedown: The Steganography Malware Campaign Exposed
Microsoft removed 119 malicious Edge extensions on June 16, 2026, as part of the StegoAd campaign takedown. The extensions used steganography to hide malware in images, evading detection and compromising over 2.5 million devices. The incident highlights the growing risk of browser supply chain attacks and prompted Microsoft to implement stricter extension security policies.
Reboot-Free Security Continues: Microsoft Extends Hotpatching for Windows Server 2022 Azure Edition
Microsoft has unexpectedly prolonged hotpatching support for Windows Server 2022 Datacenter: Azure Edition, delaying the end-of-life that many administrators had anticipated. The move ensures that Azure VMs can continue receiving monthly security updates without reboots, reducing operational overhead and downtime.
Riot Vanguard On-Demand Mode Ends Always-On Kernel Anti-Cheat, Requires TPM 2.0 and Secure Boot
Riot Games is rolling out Vanguard On-Demand, a new mode for its kernel-level anti-cheat that only loads the driver when you launch supported games like Valorant, ending the controversial always-on approach. The feature requires a Windows 11 PC with TPM 2.0 and Secure Boot enabled, leveraging hardware-backed security to maintain anti-tamper integrity. This shift addresses long-standing privacy and performance concerns while aligning with Microsoft's push for a hardened Windows ecosystem.