// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE CLK-MicDTG 0600Z
Vendor Clock

Microsoft
Exposure Clock

DAYS SINCE LAST PUBLIC RESET

How long since Microsoft's last public CVE, breach, demonstration, lab miss, and capability launch — the five resets that define a vendor's current exposure window.

CVE Disclosed
46d
since 2026-05-25
BitLocker Bypassed — Microsoft Rushes Mitigation for YellowKey (CVE-2026-45585)
Field Breach
none on file
No breach on file involving deployed Microsoft.
Demo / Bypass
1d
since 2026-07-09
Vishing Campaign Bypasses Microsoft 365 MFA by Enrolling Attacker-Controlled Entra Passkeys
Lab Miss
71d
since 2026-04-30
1.0% miss · Business Security Test (Mar–Apr 2026)
Capability Launch
1d
since 2026-07-09
Fargo impact unclear as Microsoft announces plans to eliminate 4,800 jobs - InForum

Each tile shows the days since the most recent event of that type drawn from public reporting, with the headline that reset the counter.

The Exposure Clock is an original ColdRecon metric. A small number is not "bad" and a large number is not "good" — they're counts of days since something happened, drawn from open-source reporting. See Microsoft's full spine →

Three days since Microsoft's last reset is a fact. What you do about it in the next deal is judgment.

ColdRecon delivers a daily intelligence brief from the seller's seat — every reset turned into a one-sentence position for your next call. Request clearance and the first lands tomorrow at 0600.

Request Clearance →