< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles

GigaWiper: Multipurpose Windows backdoor and wiper

🛡️ Microsoft dissected a destructive Windows backdoor dubbed GigaWiper, which bundles three older wipers into a single Go-based platform offering selectable destructive commands. The implant can wipe entire disks, overwrite the Windows drive, or run fake ransomware that encrypts files without saving keys, and also provides remote control capabilities like screenshots, VNC access, and process management. Microsoft and Binary Defense observed the same file hashes and command servers, with Binary Defense linking the samples to an Iran-linked actor while Microsoft refrains from attributing a country. Defenders should monitor for a OneDrive Update scheduled task, RabbitMQ/Redis traffic from desktops, and suspicious use of takeown/icacls, and apply tamper protection, endpoint blocking, and blocklisted server addresses.
read more →

Microsoft warns of more Windows security updates ahead

🛡️ Microsoft says AI-driven discovery is increasing the pace of vulnerability identification in Windows, leading to a likely rise in monthly security updates. The company uses its MDASH system to scan critical binaries and validate potential issues with multiple AI models, then runs a Windows-specific validation pipeline to reduce false positives. Microsoft also applies AI to accelerate triage, suggest fixes, and find similar bugs, while keeping humans in the review loop. The firm is updating its Secure Development Lifecycle to address AI-enabled attack techniques as adversaries also leverage AI.
read more →

Forg365 PhaaS Targets Microsoft 365 with AI

🛡️ Forg365 is a phishing-as-a-service platform that targets Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device-code phishing with integrated AI-assisted lure generation. The service offers an admin dashboard for campaign management, OAuth and SMTP configuration, token handling, and a browser extension called ForgCookie for persistent cookie harvesting. Researchers at ZeroBEC found the operation uses legitimate delivery services like Amazon SES and SendGrid-hosted resources to blend malicious emails into normal traffic.
read more →

Microsoft to retire OWA Light from Exchange Server

📰 Microsoft will remove the OWA Light experience from on-premises Exchange Server in an upcoming update. The Exchange Team says retiring OWA Light reduces legacy surface area, simplifies engineering, and lets them focus on the full Outlook on the web experience. Administrators can proactively disable OWA Light via PowerShell using Set-OwaMailboxPolicy and Set-OwaVirtualDirectory commands. The change is expected in August 2026 after OWA Light was deprecated in August 2024.
read more →

Microsoft patches RoguePlanet Defender flaw

🛡️ Microsoft released a security update addressing a privilege escalation bug in the Microsoft Malware Protection Engine, tracked as CVE-2026-50656. The issue, dubbed RoguePlanet, is a race condition that can allow an attacker to spawn a SYSTEM-level shell to run arbitrary code. The fix is included in engine version 1.1.26060.3008 and includes defense-in-depth hardening.
read more →

Microsoft patches Defender RoguePlanet zero‑day

🛡️ Microsoft released a Malware Protection Engine update to fix a Defender zero-day tracked as CVE-2026-50656, dubbed "RoguePlanet." The vulnerability, disclosed by researcher "Nightmare Eclipse," allows spawning a SYSTEM command prompt via a Defender race condition and reportedly works on fully patched Windows 10 and 11 devices. Microsoft shipped version 1.1.26060.3008 to address the issue after confirming work on a patch on June 16.
read more →

Microsoft details SFI AI system to harden cloud

🚀 Microsoft describes a multi-agent AI system within the Secure Future Initiative (SFI) that continuously evaluates and hardens its cloud services. The system combines code, configuration, identity, network, and runtime evidence to find composite vulnerabilities and assess layered defenses. It generates assurance trees tailored to each service and produces high-quality, actionable findings that speed remediation. Microsoft reports the system compresses deep security reviews from weeks to hours and that over 90% of findings were validated by engineers.
read more →

Fake Microsoft Teams support call scam targets files

📢 Palo Alto Networks’ Unit 42 warns of a new campaign targeting Microsoft Teams users that begins with a survey email and a malicious PDF. If opened, victims soon receive a voice call claiming to be Microsoft Support; the fake agent requests permission to install a remote access tool and additionally deploys Ether RAT. The Trojan gives attackers full access to the compromised machine, enabling theft of sensitive information and files. Users should be cautious of unsolicited surveys and support calls.
read more →

UK launches Cyber Resilience Pledge for businesses

🛡️ The UK government announced the Cyber Resilience Pledge, with over 60 businesses signing up after its unveiling at CYBERUK in April alongside a £90m support package. Signatories such as Microsoft UK, Marks & Spencer and Vodafone commit to board-level cyber accountability, NCSC training, Early Warning registration and risk-based Cyber Essentials adoption across supply chains. The scheme targets medium and large firms with the aim of driving baseline security improvements across suppliers.
read more →

Microsoft switches Windows backup to default-on for orgs

🛡️ Microsoft will enable the Windows settings backup and restore tool by default on Microsoft Entra-joined and Entra hybrid-joined enterprise devices when they upgrade to Windows 11 version 26H2. The feature, introduced as opt-in at Ignite 2024 and GA in August 2025, previously required admins to turn it on after installing the September 2025 cumulative update. Default-on applies only to eligible devices outside DMA-regulated regions and not in sovereign cloud environments, and explicit admin policies via Intune or Group Policy still take precedence. Restore remains disabled by default and requires explicit admin configuration.
read more →

Microsoft tests Cloud Rebuild for Windows 11 recovery

🛠️ Microsoft is testing the new Cloud Rebuild recovery option in Windows 11 Insider Experimental Preview Build 26300.8772, enabling a full OS reinstall from the cloud when devices become inoperable. The feature downloads the target Windows image and device drivers from Windows Update, restoring functionality without USB media or a custom image. Insiders can initiate the process from WinRE under Troubleshoot > Recovery and must confirm a data-loss warning before the rebuild proceeds.
read more →

Massive Microsoft 365 password spray attack exposed

🔒 Microsoft users experienced a large-scale automated password spray campaign that targeted accounts indiscriminately, including clients of security firm Huntress. Huntress reported 81 million login attempts against its customers between June 12 and 26, with at least 78 successful compromises. Attack traffic originated from an IPv6 range tied to LSHIY LLC, which has since cut service to the offending customer. The attackers abused the OAuth ROPC flow to replay valid credentials, bypassing protections where MFA was not enforced for all cloud apps or all user groups.
read more →

Improving security across Microsoft partner ecosystem

🔒 This post by Raji Dani, Microsoft Deputy CISO, explains how Microsoft secures its partner ecosystem—especially Microsoft Cloud Solution Providers (CSPs)—to reduce risk to downstream customers. It outlines vetting, mandatory security requirements for authorization, granular delegated administrative privileges (GDAP), telemetry and rapid access revocation capabilities. The article emphasizes shared responsibility between Microsoft and partners and a continual roadmap to raise security standards.
read more →

CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog

🔒 CISA has added a high-severity SharePoint Server vulnerability, CVE-2026-45659 (CVSS 8.8), to its Known Exploited Vulnerabilities catalog following evidence of active exploitation. Microsoft patched the deserialization-based remote code execution flaw in May 2026 for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The issue can be triggered by any authenticated attacker with as little as Site Member permissions and does not require elevated privileges. Federal agencies are advised to apply updates by July 4, 2026, while Microsoft assesses public exploitation as "Exploitation Less Likely."
read more →

Microsoft named a leader in Frost Radar for CARS

🔒 Microsoft highlights its recognition in Frost & Sullivan’s 2026 Frost Radar for Cloud/Application Runtime Security, emphasizing a shift from visibility to contextual risk reduction across cloud infrastructure, applications, APIs, and runtimes. The post explains how Microsoft Defender for Cloud integrated with Microsoft Defender XDR correlates posture, identity, data, and runtime signals to prioritize exploitable attack paths. It argues that unified platforms reduce alert fatigue, speed remediation, and enable continuous risk operations across development and runtime.
read more →

Microsoft restores GIFs in Windows Emoji Panel

🛠️ Microsoft has restored GIF functionality in the Windows Emoji Panel after Tenor retired its API on June 30, causing GIF options to show as 'GIF service is not available' for some users. The company switched the provider to GIPHY in the preview KB5095093 cumulative update for Windows 11 24H2/25H2/26H1 released on June 23. Users can install the optional update via Settings > Windows Update or the Microsoft Update Catalog. Microsoft is still working on fixes for Windows 11 23H2 and Windows Server 2025.
read more →

Microsoft Accelerates Move to Post‑Quantum Cryptography

🔒 Microsoft announced an acceleration of its Quantum Safe Program to transition critical products and services to post‑quantum cryptography by 2029. The company plans to integrate PQC requirements into its Secure Future Initiative and emphasize crypto‑agility, TLS 1.3 adoption, and protection of trust chains such as code signing and certificates. Microsoft urged organizations to begin migration now due to advances in quantum research and rising risk of 'harvest now, decrypt later.'
read more →

Microsoft Expedites Transition to Post‑Quantum Cryptography

🔒 Microsoft says it is accelerating its move to post-quantum cryptography, citing advances in quantum R&D and a shifting "risk horizon." CTO Mark Russinovich announced a goal to migrate critical products and services to PQC by 2029, and linked the work to its Microsoft Quantum Safe Program and Secure Future Initiative. The company outlined three pillars—upgrading network cryptography to TLS 1.3, building crypto-agility for data at rest, and modernizing crypto trust chains—and provided practical steps for organizations to begin their PQC transition.
read more →

Microsoft accelerates quantum-safe transition to 2029

🔒 Microsoft has accelerated its quantum-safe roadmap, saying advances in quantum computing bring the need to replace current encryption sooner than expected. The company plans to transition critical products and services to post-quantum cryptography (PQC) by 2029 under its Quantum Safe Program and integrate quantum-safe requirements into its Secure Future Initiative. Microsoft emphasizes modernizing infrastructure, enabling crypto-agility, and updating trust chains to ease future migrations.
read more →

Microsoft accelerates quantum-safe security timeline

🔐 Microsoft is advancing its quantum-safe timeline, now targeting transition of critical products and services to post-quantum cryptography by 2029. The company is embedding PQC requirements into its Secure Future Initiative to ensure clear ownership, measurable milestones, and platform readiness. Priorities include modernizing network cryptography, enabling crypto-agility, and securing chains of trust across keys, certificates, and signing. Microsoft urges organizations to begin discovery and modernization now to reduce long-term risk.
read more →