DevOps
fromTheregister
18 hours agoHybrid clouds have two attack surfaces - so watch both
Hybrid cloud management tools present significant security vulnerabilities that users often overlook.
Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0 "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network," Microsoft said in an advisory released on February 17, 2026.
A newly disclosed Windows Admin Center flaw carries a CVSS score of 8.8 and could let an authorized user quietly escalate privileges across enterprise environments. The vulnerability affects WAC version 2.6.4 and, if exploited, may grant sweeping administrative control over the very systems it was built to manage. "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network," Microsoft said in its advisory.
Microsoft has made a new VM Conversion tool available in Windows Admin Center in a public preview. The extension is designed to help organizations convert virtual machines from VMware to Windows Server with Hyper-V, without additional costs or complicated installation. Although Microsoft Azure offers a fully managed cloud environment with numerous pay-as-you-go services, many organizations prefer to keep their data on-premises for compliance or governance reasons. For this target group, Microsoft is now introducing an accessible way to migrate VMware environments to Hyper-V,