Microsoft vendor security report

Security & Breach News (last 12 months)

• CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog

  CISA added Microsoft vulnerabilities to its active exploitation catalog, with confirmed reports that Russia and North Korea have exploited these flaws. This represents confirmed vulnerability exploitation affecting Microsoft products.

  Cybersecurity DiveMay 2, 2026

  high
• Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

  Microsoft confirmed active exploitation of CVE-2026-32202, a high-severity vulnerability in Windows Shell that has been patched. The vulnerability is being actively exploited in the wild, warranting immediate attention and patching.

  The Hacker NewsMay 2, 2026

  high
• Salesforce Lawsuit Against Microsoft Puts AI Workflow Ambitions In Focus

  Salesforce and Slack have filed an antitrust lawsuit against Microsoft in the UK, challenging Microsoft's practice of bundling Teams with other products. This represents a significant regulatory and legal action directly involving Microsoft's business practices, though it is not a security incident, breach, or outage.

  Yahoo FinanceMay 2, 2026

  medium
• No Microsoft Patch—All Windows Versions Likely At Risk From PhantomRPC

  Microsoft has failed to patch a security vulnerability called PhantomRPC affecting all Windows versions that could enable privilege escalation attacks. This is a confirmed unpatched vulnerability posing a direct risk to Windows users.

  ForbesMay 2, 2026

  high
• Microsoft facing UK antitrust lawsuit from Slack over Teams 'bundling'

  Salesforce's Slack is suing Microsoft at London's High Court alleging anticompetitive practices related to Microsoft's bundling of Teams with other products. This represents a significant regulatory/legal action directly involving Microsoft's business practices.

  ReutersMay 2, 2026

  medium