Microsoft has initiated a critical security hardening phase for Windows Active Directory domain controllers to address CVE-2026-20833, a Kerberos vulnerability that enables Kerberoasting attacks by allowing attackers to exploit weak RC4 encryption. The January 2026 security updates mark the beginning of a phased transition that will disable RC4 encryption by default and enforce AES-SHA1 as the standard encryption method for Kerberos authentication.

Source

Microsoft has started automatically updating Secure Boot certificates on eligible Windows 11 systems with the January 2026 security update. The update replaces certificates that are set to expire in June and October 2026, ensuring devices maintain boot security and continue receiving critical updates. Learn what admins need to know.

Source

Microsoft 365 users face a critical bug in Classic Outlook that prevents recipients from opening encrypted emails. In Classic Outlook, trying to open an encrypted email shows a specific error message in the Reading Pane: "This message with restricted permission cannot be viewed in the reading pane until you verify your credentials. Open the item to read its contents and verify your credentials." This issue stems from a client-side regression in how Classic Outlook handles encryption settings, and Microsoft is currently investigating the problem.

Source

Microsoft introduced hardware-accelerated BitLocker to address the performance overhead of disk encryption on modern high-speed NVMe drives. This feature offloads cryptographic operations from the main CPU to dedicated crypto engines in the system-on-chip (SoC), improving performance and enhancing security.

Source

On October 2, 2025, Google announced that Gmail Client-side Encryption (CSE) now enables Google Workspace Enterprise Plus users with the Assured Controls add-on to send end-to-end encrypted emails to external recipients across any email platform. The encryption occurs in the browser before data reaches Google's servers, allowing organizations to maintain control over their encryption keys while external recipients access encrypted messages through guest accounts without requiring S/MIME certificate exchanges.

Source