Microsoft Exchange hacked, Defender broken, BitLocker bypassed
Microsoft is facing significant security challenges, including an unpatched spoofing vulnerability in Exchange Server and multiple flaws in Defender. A new exploit, YellowKey, allows bypassing BitLocker protection, raising concerns about physical security. Despite some patches being released, critical vulnerabilities remain, necessitating immediate attention from organizations.
- ▪Microsoft's Exchange Server has a critical spoofing vulnerability that is actively being exploited.
- ▪A new exploit called YellowKey allows attackers to bypass BitLocker protection on devices without a PIN.
- ▪Microsoft has released updates for some vulnerabilities but the Exchange flaw remains unpatched.
Opening excerpt (first ~120 words) tap to expand
News Microsoft Exchange hacked, Defender broken, BitLocker bypassed Microsoft's May Patch Tuesday looked quiet. Since then, there's been an unpatched Exchange CVE, three Defender flaws, and a new BitLocker bypass. By Frank Ziemann Contributor, PCWorld May 22, 2026 8:08 am PDT Image: Frank Ziemann / Foundry Summary created by Smart Answers AIIn summary:PCWorld reports that Microsoft faces multiple critical security breaches, including an actively exploited Exchange Server spoofing vulnerability and a BitLocker bypass exploit called YellowKey.The vulnerabilities affect core Microsoft products like Defender, Edge, and Authenticator apps, with attackers gaining unauthorized system access and bypassing security protections.While Microsoft has patched some issues and reversed Edge’s plaintext…
Excerpt limited to ~120 words for fair-use compliance. The full article is at PCWorld.
Discussion
0 commentsMore from PCWorld
