Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

Further complicating the process, even the expiration of the Microsoft certificate that signed the shims, which took place late last month, isn’t enough to revoke the ones ESET identified.

A rogue’s gallery of defective shims

The shims identified by ESET authorize secondary components that are known to be vulnerable to various exploits. The Oracle shim, for instance, signs a binary vulnerable to CVE-2015-5381. Smolár said the skill required to exploit the vulnerability is low. Other vulnerable shims fail to support protections, such as MOK deny-list enforcement and SBAT enforcement, both of which came into effect after the affected shim was released. Still other identified shims contain vulnerabilities in their own code.

In the interest of brevity, many additional details included in Tuesday’s report are omitted from this article.

An unsettling prospect

As noted, these vulnerable shims can be used against Windows and Linux machines alike, although likely not Windows 11 Secured-core PCs in their default state. Any Windows user who has installed Microsoft’s June update batch is no longer vulnerable. Linux users should check the Linux Vendor Firmware Service or consult their distributor. Revocation statuses are available using the uefi-dbx-audit script.

The prospect that attackers have had the means to bypass Secure Boot for more than a decade through what amounts to hack-by-numbers scripts isn’t much of an endorsement of the mechanism proposed by Microsoft in partnership with hardware makers. As mentioned earlier, a key contributor to this debacle is its complexity.

“This is a solid rebuke of the entire secure boot model,” HD Moore, a firmware security expert, CEO and founder of runZero, and a long-time critic of Secure Boot, said in an interview. His complaints include Microsoft being the de facto root of trust for the entire UEFI platform, the inability of the protection to scale sufficiently, and the ability for components to boot even after top-level certificates expire.

“The end result is a huge number of unknown (to everyone but Microsoft) signed things that bypass Secure Boot—some of which can then be used to boot other things—and both have normal security bugs and other mistakes that mean they can be used to boot nearly anything,” Moore added. “The whole ecosystem is somewhat broken and needs a reboot.”

https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence/




The incredible shrinking Xbox: Five studios, 3,200 employees let go

Today’s announced layoffs also seem focused on reining in a large Xbox platform team, which Sharma said has grown “40% larger than they were at the start of this generation, even as our player base and playtime have declined.” That could have an outsized impact on the development of Project Helix, the recently announced hybrid console that will also play generic PC games.

Hit the road, small studios

Amid these layoffs, Microsoft is also executing a massive reversal of its studio acquisition spree that dates back to 2018. Compulsion Games (We Happy Few) and Double Fine Productions (Psychonauts) will “return to management” and operate independently with full control of their intellectual property, Sharma writes. Ninja Theory (Hellblade: Senua’s Sacrifice) and Undead Labs (State of Decay), meanwhile, have been purchased by other unnamed companies, while France’s Arkane Studios (Dishonored, Prey) is reviewing “potential strategic options” to operate outside of Xbox.

Sharma bluntly admitted that these smaller studio acquisitions have been a financial mistake for Microsoft, resulting in a loss of “64 cents for every dollar we invested” in a “typical year.” In recent years, Sharma writes that Xbox has “learned that we are not the best home for every type of studio” and that “it is neither possible nor desirable to own every great independent studio.”

The era that brought games like Hellblade: Senua’s Sacrifice to Xbox is over.

Credit: Arkane Studios

The era that brought games like Hellblade: Senua’s Sacrifice to Xbox is over. Credit: Arkane Studios

At the same time, some of the larger game studios Microsoft has acquired are still apparently considered very desirable parts of its portfolio. Mojang (Minecraft) and King (Candy Crush) will now report directly to Sharma, reflecting their outsize share of Microsoft’s monthly player base and the “critical geographic, demographic, and differentiation” they bring to the gaming division, Sharma writes. And across Activision, Blizzard, Bethesda, and Xbox Game Studios, Sharma writes that Microsoft will be “shifting investment to focus on higher priority projects.”

https://arstechnica.com/gaming/2026/07/the-incredible-shrinking-xbox-five-studios-3200-employees-let-go/




NYT slams Microsoft for building copyright-infringing supercomputer for OpenAI

NYT targets Microsoft supercomputer

In 2023, the NYT became the first major publisher to sue OpenAI. The prominent newspaper alleged that ChatGPT was illegally trained on its articles, infringed on its copyrights by outputting articles verbatim, and caused market harms by positioning ChatGPT as a substitute for a NYT subscription, as well as reputational harms by falsely attributing claims to NYT reporting. Additionally, ChatGPT outputs summarizing Wirecutter reviews robbed writers of commissions from lost clicks on affiliate links, the NYT alleged.

In the initial complaint, the NYT discussed Microsoft’s supercomputing systems as if they were providing generic cloud computing services. The updated complaint seeks to specify that the supercomputer was tailor-made to help OpenAI infringe and allege that it was built for the explicit purpose of training AI on copyrighted works without permission. And as the NYT alleged, its articles were more heavily weighted by this system, as both firms hoped to train models on the highest-quality journalism possible, so that level of writing could be confidently mimicked in outputs.

By building this “unusually complex” machine, Microsoft not only helped select the works that were infringed but also provided a means to seize copyrighted works without permission, the NYT alleged.

“Microsoft specifically designed it for the purpose of using essentially the whole Internet—curated to disproportionately feature Times Works—to train the most capable LLM in history,” the NYT alleged.

And now it’s allegedly unfairly profiting.

“Microsoft’s deployment of Times-trained LLMs throughout its product line helped boost its market capitalization by a trillion dollars in the past year alone,” the NYT alleged.

Model outputs show market harms, NYT alleged

For the NYT, outputs shared during discovery—including a huge chunk of users’ ChatGPT sessions—remain some of the strongest evidence that OpenAI and Microsoft built tools that allegedly replaced the NYT by producing near-verbatim excerpts of its copyrighted works.

In some cases, users told ChatGPT they were trying to skirt paywalls and were able to see significant chunks of articles by requesting to see the “next paragraph.” In other cases, “models simply spit out several paragraphs” without such finagling. To prove market harms caused by substitution, they shared examples in their complaints of side-by-side comparisons, as well as screenshots of allegedly infringing outputs:

https://arstechnica.com/tech-policy/2026/06/microsoft-built-supercomputer-to-help-openai-infringe-copyrights-nyt-alleged/




Microsoft adds another year to Windows 10 extended update program

Unlike many past Windows updates, Windows 11 required some users to buy new PCs with specific CPU technologies and a Trusted Platform Module (TPM). Microsoft was widely criticized for excluding perfectly serviceable PCs, and that’s turning into a problem in 2026. The AI-driven shortage of storage and memory has made system upgrades vastly more expensive, potentially slowing upgrades. Some have also avoided Windows 11 due to Microsoft’s intense focus on AI features.

The result is that Windows 10 remains stubbornly popular. According to StatCounter data, Windows 10 is still running on about 26 percent of PCs, while Windows 11 sits at 72 percent. That means there are still hundreds of millions of active Windows 10 installs, but those machines will be up to date for at least an additional year.

Credit: Microsoft

Credit: Microsoft

To join the ESU program, just look for the enrollment option in the Windows Update menu. Customers in the EU get these updates for free, but in other regions, you have to sign in with a Microsoft account and sync your system settings to be eligible for free updates. Otherwise, it costs $30 (or 1,000 Microsoft Rewards points) to join the program.

Once you’re in, the ESU license works on up to 10 devices, but Microsoft stresses this is for personal use—businesses have to pay per device for Windows 10 updates, but the program is available through 2028. But at this rate, Microsoft might be releasing Windows 10 updates even beyond that timeline.

https://arstechnica.com/gadgets/2026/06/microsoft-adds-another-year-to-windows-10-extended-update-program/




Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware

Microsoft, law enforcement, and several cybersecurity companies have collaborated to take down infrastructure shared by two widely used malware families: Amadey and StealC.

The action, part of the long-running Operation Endgame, involved the use of AI, legal action, and the exploitation of a vulnerability in a malware control panel, and resulted in hundreds of domains and servers being targeted for takedown. 

While many cybercrime operations have been disrupted in recent years as part of Operation Endgame, this one stands out because law enforcement and companies targeted what they described as the “cybercrime assembly line”. 

Making the rounds since 2018, Amadey is a malware-as-a-service loader that gives threat actors access to systems, enabling them to deliver secondary payloads. StealC is an infostealer that has been around since 2023, helping cybercriminals obtain credentials, cryptocurrency wallets, cookies, and other valuable data.

Amadey and StealC have often been used together — the former has enabled hackers to gain access to systems, while the latter has been used to steal information from the breached systems.

AI-powered analysis of the two malware families revealed that they use the same command-and-control (C&C) infrastructure, making it easier for Microsoft and its partners to conduct takedown activities.

Advertisement. Scroll to continue reading.

“This operation marked a shift in strategy: instead of focusing solely on individual threats, Europol, law enforcement and judicial authorities, as well as private industry partners disrupted the entire chain that allows cyberattacks to scale,” said Europol.

More than 25 million unique credentials stolen from over 385,000 systems were seized, and 18,000 compromised computers were identified and secured. Europol said crypto assets valued at more than $47 million were identified and flagged to restrict their use.

Researchers also discovered a vulnerability in the StealC C&C panel that enabled uploading a web shell to the server. While this flaw was exploited to collect data in support of the takedown operation, there is evidence that a StealC affiliate also used it to steal other affiliates’ data.

Microsoft, Europol, ESET, Bitsight, IBM X-Force, Proofpoint, and Japan’s Mitsui Bussan Secure Directions (MBSD) have published blog posts describing the action taken against Amadey and StealC.

The announcement comes shortly after law enforcement and cybersecurity companies worked together to take down the SocGholish botnet

Related: Russian Initial Access Broker Behind FortiBleed Campaign

Related: New ‘Mistic’ RAT Opens Door to Several Ransomware Families

Related: CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

https://www.securityweek.com/microsoft-and-allies-smash-shared-infrastructure-of-amadey-and-stealc-malware/




Nadella (Microsoft) contro i signori dell’AI, meglio i modelli low cost e a sorpresa apre a DeepSeek

Il CEO di Microsoft Nadella contro il modello Silicon Valley: “L’AI non può essere nelle mani di pochi”

Per anni Satya Nadella è stato considerato il grande regista silenzioso della rivoluzione dell’intelligenza artificiale (AI). È stato lui, prima di molti altri, a intuire il potenziale di OpenAI e a investire decine di miliardi di dollari per trasformare ChatGPT da una promettente startup in uno dei protagonisti assoluti della nuova economia digitale. Oggi, però, il CEO di Microsoft sembra voler prendere le distanze proprio dalla traiettoria che ha contribuito a costruire.

In una lunga intervista al Wall Street Journal, Nadella ha delineato una visione alternativa dell’AI, criticando implicitamente il modello dominante che negli ultimi anni ha guidato la corsa all’intelligenza artificiale: pochi attori globali, modelli sempre più grandi, consumi energetici enormi, investimenti senza limiti e una narrazione pubblica spesso costruita attorno a scenari apocalittici.

Il messaggio è chiaro: l’attuale paradigma non è sostenibile né economicamente né socialmente.

La critica ai “signori dell’AI” e a un modello di sviluppo orientato al gigantismo

Senza mai citare direttamente OpenAI, Anthropic o Google, Nadella mette in discussione il presupposto su cui si fonda la corsa ai cosiddetti modelli di frontiera, i sistemi più avanzati e costosi oggi disponibili. Secondo il manager indiano-americano, il rischio è che una ristretta élite tecnologica finisca per concentrare nelle proprie mani una quantità eccessiva di potere cognitivo, economico e politico.

La proposta di Nadella è quasi una contro-rivoluzione rispetto all’immaginario dominante della Silicon Valley. Negli ultimi anni il settore ha vissuto una sorta di competizione permanente per costruire modelli sempre più potenti, alimentati da quantità crescenti di dati, chip e capacità computazionale. L’idea implicita era semplice: più grande è il modello, migliore sarà il risultato.

Non si può dire che tutti i lavori impiegatizi spariranno, che l’intelligenza artificiale potrebbe diventare un’arma e allo stesso tempo chiedere di costruire data center sempre più grandi”, osserva Nadella. Una critica diretta a quella retorica che negli ultimi anni ha alternato promesse di prosperità illimitata a previsioni catastrofiche sulla fine del lavoro umano o addirittura sull’estinzione della specie.

Dietro questa affermazione si intravede una questione fondamentale: la governance dell’AI. Chi decide come apprendono questi sistemi? Chi controlla i dati? E chi stabilisce le regole? Fino ad oggi le risposte sono rimaste concentrate nelle mani di pochissimi soggetti privati. I cittadini non accetteranno oltre modo questa situazione.

Piccolo è più bello (e meno costoso)

Microsoft sembra invece voler scommettere su una logica diversa. Nelle ultime settimane l’azienda ha presentato una serie di modelli a basso costo e nuove funzionalità che permettono agli utenti di scegliere quale AI utilizzare a seconda delle esigenze. L’obiettivo è ridurre la dipendenza dai sistemi più costosi e abbassare drasticamente il prezzo dell’intelligenza artificiale.

Secondo Nadella il futuro non sarà dominato da un singolo “cervello universale“, ma da una pluralità di modelli con differenti livelli di costo, specializzazione e prestazioni.

Una visione che richiama l’evoluzione di internet: da una rete inizialmente controllata da pochi grandi operatori a un ecosistema distribuito di servizi, applicazioni e piattaforme.

Copilot cambia pelle e mette l’utente al centro

In questo scenario anche Copilot assume un ruolo diverso. Lanciato inizialmente come risposta di Microsoft a ChatGPT di OpenAI, il prodotto non sembra più destinato a diventare il modello AI dominante del mercato. Piuttosto, potrebbe trasformarsi in una piattaforma neutrale capace di orchestrare diversi modelli e diversi fornitori.

La nuova strategia consiste nel mettere l’utente al centro, lasciandogli la possibilità di scegliere quale intelligenza artificiale utilizzare per ogni attività. Se questa impostazione verrà confermata, Copilot assomiglierà meno a un concorrente diretto di ChatGPT e più a un sistema operativo dell’intelligenza artificiale, capace di integrare modelli differenti e di gestire flussi di lavoro complessi.

È un cambiamento significativo perché sposta il valore dalla costruzione del modello alla gestione dell’ecosistema.

Il caso DeepSeek e la guerra dei prezzi

L’elemento più sorprendente della strategia di Microsoft riguarda però DeepSeek. L’azienda cinese è diventata negli ultimi mesi il simbolo di un approccio radicalmente diverso all’AI: modelli meno costosi, maggiore efficienza e costi operativi ridotti rispetto ai colossi americani.

Microsoft starebbe valutando la possibilità di ospitare una versione di DeepSeek all’interno del proprio ecosistema.

Se ciò accadesse, sarebbe un segnale fortissimo. Da un lato significherebbe riconoscere che il valore dell’AI non coincide necessariamente con il possesso del modello più potente. Dall’altro aprirebbe una vera e propria guerra dei prezzi contro OpenAI e Anthropic (che comunque è già iniziata), costrette a giustificare costi molto più elevati.

Non è un caso che proprio OpenAI e Anthropic abbiano accusato DeepSeek di aver utilizzato tecniche di distillazione per replicare parte delle capacità dei loro sistemi.

Dietro la disputa tecnica si nasconde una questione strategica: se modelli più economici riescono a offrire prestazioni sufficientemente buone per la maggior parte delle applicazioni aziendali, l’intero modello economico dell’AI di frontiera rischia di entrare in crisi.

Una svolta o una necessità per Microsoft?

La domanda inevitabile è se questa nuova filosofia rappresenti una convinzione profonda o una necessità strategica.

Negli ultimi tempi Microsoft ha perso terreno nella corsa ai modelli più avanzati. In parole povere, Copilot non ce l’ha fatta. OpenAI continua a guidare il mercato consumer con ChatGPT, Google ha recuperato rapidamente terreno con Gemini e Anthropic si è ritagliata uno spazio importante nel settore enterprise.

Microsoft dispone di enormi risorse finanziarie e di una posizione dominante nel software aziendale, ma non possiede oggi un modello proprietario capace di competere apertamente con i leader del settore.

In questo contesto, trasformare i modelli in una commodity (cioè una risorsa ampiamente disponibile, il cui solo possesso non costituisce più una fonte di vantaggio competitivo, come è stato nei decenni per l’energia elettrica, la connettività Internet e il cloud computing) e spostare il valore verso la piattaforma potrebbe essere anche una risposta pragmatica a una corsa che l’azienda non è riuscita a vincere sul piano tecnologico.

In altre parole: se non puoi controllare il miglior modello, puoi cercare di controllare l’infrastruttura che collega tutti i modelli. E qui per noi utilizzatori si genera un ennesimo rischio. Come ha spiegato bene Crescenzo Coppola via social: “Sostenere che l’AI sia una commodity è una mezza verità. È una commodity nell’accesso. Ma può trasformarsi in una dipendenza nell’infrastruttura e in una vulnerabilità nei processi“.

La vera battaglia è guadagnarsi “il permesso sociale

Al di là delle strategie industriali, il punto più interessante dell’intervista riguarda il rapporto tra AI e società.

Nadella sostiene che il settore abbia ormai esaurito il tempo delle promesse e delle narrazioni futuristiche. Adesso deve dimostrare concretamente di poter creare opportunità economiche, proteggere i lavoratori e distribuire i benefici della tecnologia. Qui Microsoft probabilmente cercherà di giocare la sua prossima partita per ottenere un vantaggio competitivo sulle altre società tecnologiche.

Dobbiamo guadagnarci il permesso sociale”, ha affermato il CEO del gigante di Redmond. È forse la frase più importante di tutta l’intervista. La vera sfida non è costruire modelli più grandi. È convincere la società, noi tutti, che l’AI possa essere uno strumento di progresso condiviso e non l’ennesima concentrazione di potere nelle mani di pochi. Una sfida notevole, se pensiamo che in fondo Microsoft è da tutti e da sempre considerata parte di quei “pochi”.

Novità su Google, per aggiungere Key4Biz tra le tue fonti preferite, clicca qui

Aggiungi Key4Biz tra le tue fonti preferite

Leggi le altre notizie sull’home page di Key4biz

https://www.key4biz.it/nadella-microsoft-contro-i-signori-dellai-meglio-i-modelli-low-cost-e-a-sorpresa-apre-a-deepseek/576342/




Microsoft, Atom Computing, EeroQ update their quantum computing progress

That doesn’t mean the error-corrected qubit was fully stable. Eventually, one of the errors that inevitably occurred couldn’t be recovered from because too many of its individual atoms changed state at once. But performing normal error correction could keep some of these logical qubits stable for up to 90 rounds.

Again, that’s not good enough for any sort of sophisticated calculation. But it’s a lot closer than the company was before working out this technique.

Resonating

EeroQ is a startup with a distinct approach to qubits. A number of companies are looking into using the spin of electrons as their qubits, typically because it’s easy to fabricate chips that can manipulate electrons held in quantum dots. EeroQ is making its chips with lots of tiny pools that can hold a drop of liquid helium. When an electron is placed on that drop, it has nowhere to go because helium hates to carry an extra electron. So, the lone electron just floats on the surface.

Which is great, but it was already well-established physics long before the company launched. The problem was that nobody had figured out a method to interact with the electron in useful ways.

Recently, the company released a manuscript describing a new version of its chip, one with a small resonator next to the helium-filled pool. They showed that this resonator could couple with the movement of the electron, which is kept from hitting the walls of the pool by an electrical field. Since the electron’s motional states are quantized, the resonator adopts one or two states during the experimental procedure, which is the potential building block of a qubit.

Again, that’s nowhere near having functional computing hardware. But again, it’s this sort of incremental work that’s needed if any of these technologies is going to live up to its promise.

https://arstechnica.com/science/2026/06/microsoft-atom-computing-eeroq-update-their-quantum-computing-progress/




Microsoft plans Linux tools and an RTX Spark desktop for Windows developers

Microsoft’s Build developer conference kicked off today, and as with almost everything the company has done in the last few years, Microsoft’s opening keynote focused overwhelmingly on AI and other closely related technologies. There’s Microsoft Scout, an OpenClaw-based “Autopilot” agent that can hook into Microsoft 365 data to perform tasks for users; several new AI models; an expanded preview of “Codename MDASH,” which is a “multi-model agentic scanning system” meant to detect and fix software vulnerabilities.

A few of those announcements stood out to us as particularly interesting, either for esoteric technical reasons or because they seem like they may have some utility for those who aren’t spending their every waking moment using generative AI tools. (Microsoft’s recent efforts to make its flagship operating system faster, more reliable, more useful, and less annoying didn’t really come up, but there have been plenty of other announcements on that front lately.)

On the hardware front, we didn’t get any updates for existing Surface devices (not counting yesterday’s Surface Laptop Ultra announcement), but we did get something new: the Surface RTX Spark Dev Box is “a compact developer PC” built around Nvidia’s new RTX Spark chip with up to 128GB of built-in memory.

The Dev Box looks a little like a cartoon anvil or piano fell onto an Xbox Series X and flattened it. Its aluminum casing was designed “to double as a heatsink,” and its preloaded version of Windows 11 Pro will include a “purposeful” set of developer-centric default settings and preinstalled tools.

This is a follow-up of sorts to the Windows Dev Kit 2023, also known as “Project Volterra.” This Qualcomm Snapdragon 8cx Gen 3-powered PC was essentially the system board from a Surface Pro tablet stuffed into a plastic box, and it was introduced alongside Arm-native versions of several Microsoft developer tools. It helped to set the stage for the Arm-based flagship Surface devices that launched the next year, which benefitted from a better and faster x86-to-Arm code translation technology called Prism and a greater number of Arm-native third-party apps that didn’t need to be translated in the first place.

https://arstechnica.com/gadgets/2026/06/microsoft-plans-linux-tools-and-an-rtx-spark-desktop-for-windows-developers/




Microsoft’s Project Solara is an Android OS designed for agents instead of apps

However, Microsoft is clear that this is still just a concept. None of it works, but the company is committed to spending money on it as part of its massive AI expansion plans.

Agentic concepts

Microsoft has shown off two concept devices that illustrate where it hopes to go with Project Solara. The more conventional is the Desk Concept, which looks like a typical smart display. It’s got a touchscreen, microphones, and a camera. While you sit at your desk, this gadget would keep you apprised of what your theoretical AI agents are doing on your behalf. It can act as a secondary monitor or become a standalone Windows PC with Windows 365 cloud computing. This concept is built around MediaTek IoT chips.

The other Solara concept skews weirder. What if the work badge at the end of your lanyard had a touchscreen, 5G connectivity, a camera, microphones, and a fingerprint scanner? That’s the Badge Concept. It would have the same Solara software, piping in generative interfaces from your preferred AI agent. Microsoft envisions this Qualcomm-based device providing biometric-authenticated access to your agents—just tap the sensor and start telling your personal robot what to do. It could also record and summarize meetings and use the camera to “take action on the environment,” whatever that means.

You can’t even get in line to buy either of these devices. Microsoft’s next step is to demo its agent-first devices with industry partners, including AccuWeather, Best Buy, CVS Health, Levi’s, and Target.

Microsoft has struggled to branch out beyond traditional computing and enterprise services, having tried and failed on numerous occasions to gain a foothold in mobile computing. With AI, Microsoft was uncharacteristically at the forefront of change. With its OpenAI deal sputtering, the company is now looking to the future, and this is it: agents instead of apps.

[embedded content]

This is an interesting pitch for how we might actually use AI agents, and it’s not coming totally out of left field. Google is also pursuing agentic interfaces in its search products. At I/O, Google previewed new agent-first search tools that can instantly build dashboards and mini-apps based on your search queries.

As vague and pie-in-the-sky as Project Solara may be, Microsoft is pretty in tune with the rest of big tech’s AI plans. If any of it works, we can only hope it doesn’t lead to a new generation of touchscreen millstones around our necks.

https://arstechnica.com/gadgets/2026/06/microsofts-project-solara-is-an-android-os-designed-for-agents-instead-of-apps/




Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised.

The findings, shared exclusively with SecurityWeek ahead of the expected public release of the research on Tuesday, were uncovered by Enclave, an AI-powered exploitable bug hunter. It is nothing more than a single debug flag being left in the production code of Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop and OneNote for Android. Someone left debug mode enabled in production: – set IsDebugMode(true). This was enabled across all six apps, but was not enabled in other Microsoft (MS) apps such as Teams. These were not affected by any consequent potential exploitation attempt.

The effect of such debug flags varies. Sometimes the purpose is simply to affect logging or to test output. “This one changed the behavior around account access token sharing,” explains Enclave reporting its findings. “With debug mode enabled, the protection that should have blocked untrusted apps from receiving tokens was skipped.”

Microsoft’s intention is to allow easy passage for its authorized customers from one MS app to another MS app on the same device, without requiring new login authorization from the Android user each time. So, the code in the apps is designed to pass access tokens to the other MS apps – but crucially, not do so for any other Android app. The effect of this debug flag omitted the restriction on non-MS apps, and the result was that Android MS access tokens were handed to any Android app that requested them.

To exploit this flaw, an attacker could write code requesting MS access. It could be a separate app or code within a doctored Android app. The only requirement would be to get that app onto as many Android devices as possible.

“The attacker could just write a snippet that is 15 lines of code. It just seeks access to the MS app and is given the token,” explains Yanir Tsarimi, co-founder and CPO at Enclave. “It doesn’t get any simpler than that, because it’s just a feature that is supposed to be there.”

Advertisement. Scroll to continue reading.

The flaw is not in handing over the access token, but in leaving a debug line that limits this handover to a request from the other MS apps installed on the Android device. “It was just a simple mistake that in this case is very painful.” One simple mistake potentially impacted apps totaling billions of downloads.

Tsarimi gave a potential exploitation scenario. “Suppose you are a mobile device game developer with auto update and 10,000 users. You write the malicious exploit code seeking access to the affected MS apps and include it within an update that gets delivered to your 10,000 users. Auto update installs it. The malicious code stealthily requests access to any MS app on the user’s Android, receives the token and quietly sends it back to you.”

In such a case, the victim may see nothing and be aware of nothing – but the attacker gets the token. “The owner of the app can do whatever they want with those tokens,” adds Tsarimi. “It’s essentially a supply chain attack, just from a different direction.”

The user sees nothing, confirms the report. “But from the attacker’s side, those tokens were enough to act through the Microsoft account and access the app that had just handed them over. We confirmed the issue in [all six of the MS] Android apps.” 

Potential misuse of the tokens is huge. They are Microsoft FOCI tokens that could be reused and refreshed over long periods without anyone noticing. “Any attacker-controlled app could gain full access to Microsoft account data exposed through the affected app context,” warns Enclave. “This could be emails, files, documents, communications, and calendar information. It could also allow the attacker to read sensitive information, modify documents, or send communications through the access exposed by the token.”

The firm reported the issues to Microsoft, and all were quickly confirmed. Microsoft fixed the flaws and issued CVE numbers CVE-2026-41100, -41101 and -41102 on May 12. Relevant patches were distributed through the firm’s Patch Tuesday mechanism, other than -41102 (the vulnerability in PowerPoint for Android) which was fixed and pushed as a patched build to the Google Play Store also on May 12.

Android users should now be safe, provided their patching is up to date.

“We reported the issues to MSRC, and all of them were confirmed and fixed,” concludes Enclave. “But the important part is this: a development setting reached production in several major apps and changed the behavior of a system protecting account access. That should be hard to do by accident. Here, it was not hard enough.”

Related: New BTMOB Android Malware Enables Full Device Takeover

Related: Critical Remote Code Execution Vulnerability Patched in Android

Related: Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

Related: Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

https://www.securityweek.com/exclusive-how-one-line-of-code-put-billions-of-microsoft-android-app-downloads-at-risk/