Forbes: Update Windows Now — Microsoft Confirms System Takeover Danger
Forbes included a finding from NetSPI senior security consultant Joshua Murrell in a story that warned Microsoft Windows users about critical security vulnerabilities that require immediate updates. Murrell identified and reported on CVE-2025-26685, a vulnerability affecting Microsoft Defender for Identity that shows the real-world risks that major companies such as Microsoft face.
+ + +
Microsoft users are starting to get all too familiar with being advised to act now, as confirmation of security threat after security threat is made. A Windows secure boot bypass, and attacks exploiting vulnerabilities against Windows 10 and 11 users both require users to update now. That advice is all too clearly warranted as Microsoft has confirmed yet another Windows vulnerability that demands urgent update attention, and this one can lead to a system takeover. Here’s what you need to know about CVE-2025-33073, and what you need to do. Hint: update Windows now!
CVE-2025-26685: A Microsoft Defender Attack Vulnerability For Windows Users
Joshua Murrell, a senior security consultant at NetSPI, has confirmed that CVE-2025-26685, a spoofing vulnerability impacting Microsoft Defender for Identity, can elevate privileges for a successful attacker. It’s important to note that CVE-2025-26685 alone is not enough to undertake an attack on Windows users, but when combined with other vulnerabilities in a chained attack, it becomes part of a potent exploit weaponisation that can lead to escalated privileges in Active Directory environments. In other words, the MDI sensor vulnerability can be used in conjunction with other vulnerabilities, such as Active Directory Certificate Services vulnerabilities or Lightweight Directory Access Protocol relays, to create a domain machine account, according to Murrell. “This is not a part of the MDI sensor vulnerability,” Murrell said, “but an opportunity to demonstrate the impact it has on the environment.”
You can read the full story here.