Tom Degreef

Notepad++ just patched 2 critical CVEs allowing arbitrary code execution. Getting to 100% patch compliance fast is easier said than done. But with App Control for Business, it doesn't matter if a device isn't patched yet. ACFB only allows approved code to run — so even if an attacker tries to exploit the vulnerability, the code they try to launch simply won't execute. Patch it you should. Drop everything to do so? Not anymore. #wdac #acfb Full post: https://t.co/R4KinhK72L

🚨 New 7-Zip Flaws Let Attackers Execute Arbitrary Code and Compromise Systems Source: https://t.co/WqnpW3mfn2 A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool's NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides in the CInStream::GetCuSize() function inside NtfsHandler.cpp. The function computes the NTFS compression-unit buffer size using a 32-bit shift operation: (UInt32)1 << (BlockSizeLog + CompressionUnit). Users are strongly advised to update 7-Zip to a patched version v26.01 immediately and avoid opening untrusted archive files or disk images of any extension until a fix is applied. #cybersecuritynews

"We're actually working toward making PowerShell 7 be the default in the next version of Windows Server." "We'll probably make PowerShell &lt;5.1&gt; an optional component or a feature on demand, and then we'll have PowerShell 7 be the default." 🥳 Source: https://t.co/g9hjKJ0RCL

Controlled Configuration for Microsoft Defender antivirus settings is coming to Intune. Microsoft describes it as an extension of Tamper Protection (AKA v2 :) ?) , with cloud delivered policy (MMP-C) becoming the source of truth. That means Defender settings managed from Intune or Microsoft Defender for Endpoint security settings management should be better protected against local changes. This is a big shift in how Defender settings are protected and enforced. Read the blog to find out more! https://t.co/PMbMIpBpTw #Intune #MSIntune #Defender

In case you missed it in the February KB5077241 update, Microsoft quietly added two new PowerShell cmdlets for Secure Boot verification: Get-SecureBootSVN - checks the Secure Version Number of your firmware and bootloader and reports compliance status. This tells you whether your device is protected against boot manager rollback attacks (CVE-2023-24932). Get-SecureBootUEFI -Decoded - finally displays Secure Boot keys and certificates in a human-readable format.

New solution available on my membership platform: Intune Driver Update Report. Intune's Windows Driver Update profiles show you a count of affected devices. That's it. No device names, no user details, no way to drill down before you approve a driver that hits hundreds of machines. This tool pulls the per-device data Microsoft left out of the portal. One command collects everything through Graph API, a WPF viewer lets you filter, sort, and export. You see exactly which users and devices will receive a driver before you approve it. PowerShell 7, Graph SDK, read-only permissions. Runs from any admin workstation. Available now for members: https://t.co/QoUl6MqgLK