All news with #microsoft tag

Microsoft Investigates Microsoft 365 Access Outage

⚠️ Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. The issue has been tagged as an incident in the admin center while Redmond reviews telemetry and recent service changes to identify the root cause. Microsoft first acknowledged the problem at 05:06 AM UTC and said it continued analysis nearly four hours later to develop a fix. Impact appears limited to users served by the affected infrastructure.

Developers Leading AI Transformation Across Enterprise

💡 Developers are accelerating AI adoption across industries by using copilots and agentic workflows to compress the software lifecycle from idea to operation. Microsoft positions tools like GitHub, Visual Studio, and Azure AI Foundry to connect models and agents to enterprise systems, enabling continuous modernization, migration, and telemetry-driven product loops. The shift moves developers from manual toil to intent-driven design, with agents handling upgrades, tests, and routine maintenance while humans retain judgment and product vision.

Windows 11 Media Creation Tool Fails on Windows 10

⚠️ Microsoft says the Windows 11 Media Creation Tool (MCT) version 26100.6584 released on September 29, 2025, may close unexpectedly on Windows 10 22H2 devices without showing an error. The company is working on a fix and recommends downloading a Disk Image (ISO) for x64 systems as a temporary workaround. Microsoft also notes the MCT is not supported on Windows 10 ARM64 machines, following earlier ARM64 compatibility problems after the Windows 11 25H2 rollout.

Microsoft Restricts Edge IE Mode After Active Exploits

🔒 Microsoft has tightened access to Internet Explorer mode in Edge after credible reports in August 2025 that unknown actors abused the legacy compatibility feature to compromise devices. Attackers used social engineering to coerce users into reloading pages in IE mode and then chained unpatched Chakra JavaScript engine exploits to gain remote code execution and elevate privileges. Microsoft removed the IE mode toolbar button, context-menu and hamburger-menu entries; IE mode must now be enabled explicitly via Edge settings and sites must be added to an IE mode pages list.

Windows 11 23H2 Home and Pro reach end of support soon

⚠ Microsoft warned that devices running Windows 11 23H2 Home and Pro editions will stop receiving security updates after November 11, 2025. The November 2025 monthly security update will be the final update for those editions. Users should upgrade to Windows 11 24H2 or later to remain protected; note that some PCs may be prevented from upgrading by a safeguard for SenseShield code-obfuscation drivers.

Copilot on Windows Adds Email Connectors and Office Export

🖥️ Microsoft has updated Copilot on Windows to let users link Outlook and Gmail accounts, plus Google Drive, Calendar, and Contacts, and to generate and export Office files directly from prompts. The change is rolling out to Windows Insiders via the Microsoft Store for devices running Copilot version 1.25095.161.0 or later and must be enabled manually in the app's Connectors settings. Responses longer than 600 characters now include an export button to save content as Word, PowerPoint, Excel, or PDF files. Microsoft asked testers to provide feedback from within the Copilot app.

Stealit Malware Uses Node.js SEA, Electron for Delivery

⚠️ Fortinet FortiGuard Labs has detailed an active campaign dubbed Stealit that uses Node.js Single Executable Application (SEA) packaging—and in some builds, the Electron framework—to deliver credential-stealing and remote-access payloads. Operators distribute counterfeit game and VPN installers via file-hosting sites and messaging platforms, which drop three primary executables that perform browser and messenger data theft, wallet extraction, and persistence with live screen streaming. Installers run anti-analysis checks, write a Base64 authentication key to %temp%\cache.json for C2 authentication, and configure Microsoft Defender exclusions to conceal downloaded components.

Microsoft: 'Payroll Pirates' Hijack HR SaaS Accounts

🔒 Microsoft warns that a financially motivated group tracked as Storm-2657 is hijacking employee accounts to redirect payroll by altering profiles in third-party HR SaaS platforms such as Workday. Attacks rely on AitM phishing, MFA gaps and SSO abuse rather than software vulnerabilities. Observed tactics include creating inbox rules to delete warning notifications and enrolling attacker-controlled phone numbers for persistent access. Microsoft reported compromises at multiple U.S. universities and recommends phishing-resistant, passwordless MFA such as FIDO2 keys, and reviews of MFA devices and mailbox rules to detect takeover.

Universities Targeted in 'Payroll Pirate' Workday Hijacks

🔐 Microsoft says the Storm-2657 gang has been targeting U.S. university HR employees since March 2025 in “payroll pirate” attacks that aim to hijack salary payments by compromising Workday accounts and Exchange Online mailboxes. Attackers use tailored phishing themes—campus illness, faculty misconduct, executive impersonation—and adversary‑in‑the‑middle (AITM) links to steal MFA codes and gain access. They then set inbox rules to hide warnings, adjust payroll SSO settings, and sometimes enroll attacker phone numbers as MFA devices; Microsoft urges deployment of phishing‑resistant MFA and offers investigative guidance.

Microsoft Defender Mislabels SQL Server as End-of-Life

⚠️Microsoft is addressing a bug in Microsoft Defender for Endpoint that incorrectly tags SQL Server 2017 and SQL Server 2019 as end-of-life. The company says a recent code change introduced the issue and it has begun deploying a fix to reverse that change. Support timelines remain unchanged: 2019 is supported until January 2030 and 2017 until October 2027. The incident is being tracked as an advisory while remediation continues.

Hidden Text Salting in Emails and Strategic Cyber Decisions

🧯 Cisco Talos warns of extensive abuse of CSS to insert hidden “salt” — extraneous characters, comments and markup — into email preheaders, headers, attachments and bodies to evade detection. This hidden text salting technique is significantly more common in spam and malicious mail than in legitimate messages, undermining both signature and ML-based defenses. Talos advises detecting concealed content and, crucially, stripping or normalising that salt before passing messages to downstream engines, while also urging attention to longer-term strategic decision-making in cyber defense.

Microsoft Azure Debuts Large-Scale NVIDIA GB300 Cluster

🚀 Microsoft Azure announced the first production-scale cluster using more than 4,600 NVIDIA GB300 NVL72 (Blackwell Ultra) GPUs, co-engineered with NVIDIA to support OpenAI and other frontier AI workloads. The new ND GB300 v6 VMs are optimized for reasoning models, agentic systems, and multimodal generative AI, delivered on rack-scale systems with 72 GPUs per rack and 36 NVIDIA Grace CPUs. Microsoft says this infrastructure will shorten training from months to weeks and will scale to hundreds of thousands of Blackwell Ultra GPUs globally.

Securing Agentic AI: Microsoft Ignite Security Guide

🔒 Microsoft Ignite 2025 highlights security-focused sessions and hands-on labs tailored for practitioners and leaders. Join in San Francisco Nov 17–21 (or online Nov 18–20) for briefings, demos, and instructor-led labs covering Microsoft Security Copilot, Sentinel, Defender, Entra, and Purview. A Security Forum (Nov 17) and keynote segments led by senior security executives will explore designing, governing, and protecting agentic AI across the lifecycle.

Investigating Payroll Pirate Attacks on US Universities

🔍 Microsoft Threat Intelligence observed a financially motivated actor tracked as Storm-2657 conducting targeted 'payroll pirate' intrusions against US universities to divert salary payments. The actor used realistic phishing and adversary-in-the-middle (AiTM) links to harvest credentials and MFA codes, gained access to Exchange Online, abused SSO to reach Workday profiles, and created inbox rules to hide payroll notifications. Microsoft recommends adopting phishing-resistant, passwordless MFA and provides detections and remediation guidance.

Microsoft Expands Azure Datacenters and AI in Asia

☁️ Microsoft is expanding its Azure footprint across Asia, launching new datacenter regions in Malaysia and Indonesia in 2025 and announcing planned expansions in India and Taiwan for 2026. The company is investing billions to deliver AI-ready hyperscale infrastructure, next‑generation networking, scalable storage, and multi‑zone availability to support low-latency, compliant services. Microsoft also plans a second Malaysia region (Southeast Asia 3) and recommends multi-region architectures along with the Cloud Adoption and Well‑Architected Frameworks to improve resilience, performance, and cost optimization.

Microsoft Releases Enterprise Windows Backup for Orgs

🔒 Microsoft has made Windows Backup for Organizations generally available, offering an enterprise-grade, opt-in solution to preserve Windows settings, user preferences, and Microsoft Store-installed apps. The capability is available after installing the September 2025 Windows Monthly Cumulative Update on Entra-joined devices and must be enabled by administrators through Intune or backup and restore policy settings. Backups are stored in Exchange Online in the tenant's selected Country/Region, are protected by encryption, and are accessible to Microsoft personnel only under strict oversight for troubleshooting or legal compliance, helping streamline migrations to Windows 11 during device setup.

Azure Front Door Outage Disrupts Microsoft 365 Access

⚠️ Microsoft is addressing an outage in its Azure Front Door CDN that is blocking access to some Microsoft 365 services and admin portals across Europe, Africa, and the Middle East. The incident began around 07:40 UTC and produced delays and timeouts when connecting to the Azure and Entra portals. Engineering teams have been restarting Kubernetes instances that caused capacity loss across AFD instances and have initiated failover for the Microsoft 365 Portal while monitoring telemetry to confirm full recovery.

ThreatsDay: Teams Abuse, MFA Hijack, $2B Crypto Heist

🛡️ Microsoft and researchers report threat actors abusing Microsoft Teams for extortion, social engineering, and financial theft after hijacking MFA with social engineering resets. Separate campaigns use malicious .LNK files to deliver PowerShell droppers and DLL implants that establish persistent command-and-control. Analysts also link over $2 billion in 2025 crypto thefts to North Korean‑linked groups and identify AI-driven disinformation, IoT flaws, and cloud misconfigurations as multiplying risk. Defenders are urged to harden identity, secure endpoints and apps, patch exposed services, and limit long-lived cloud credentials.

Many Users Still on Windows 10 Ahead of End‑of‑Life

⚠️ A significant proportion of users and organisations remain on Windows 10 just days before Microsoft ends support on October 14, meaning no more security or feature updates. Remote-access vendor TeamViewer reports over 40% of endpoints it recently supported still run the OS, while a Which? survey found 26% of UK users do not plan to upgrade and 11% are undecided. Experts warn this creates a cybersecurity and compliance 'cliff edge' that could expose systems to unpatched vulnerabilities and increased attacker activity.

Microsoft 365 Outage Disrupts Teams, Exchange, and MFA

⚠️ Microsoft is addressing an ongoing outage that is preventing users from accessing Microsoft 365 services, including Teams, Exchange Online, and the Microsoft 365 admin center. The incident is being tracked on the Service Health Dashboard and Microsoft is publishing updates on its Service Health Status page. The outage is also affecting Microsoft Entra single sign-on and Multi-Factor Authentication, with some users unable to receive MFA prompts or authenticate.