< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 11 of 42

Chinese State-Linked Hacker Extradited to the U.S.

🛡️ Xu Zewei, a 34-year-old accused of working for China's Ministry of State Security and linked to the state-backed hacking group Hafnium (also called Silk Typhoon), has been extradited from Italy to the United States and arrived in Houston. He pleaded not guilty at a federal hearing and is being held at the Federal Detention Center. U.S. prosecutors allege Xu targeted COVID-19 researchers in early 2020 and participated in the 2021 Microsoft Exchange zero-day campaign; if convicted on charges including wire fraud, conspiracy to damage protected computers, and aggravated identity theft, he faces decades in prison.
read more →

Microsoft backend change disrupts Teams Free chat and calls

⚠️ Microsoft is investigating a known issue that prevents some Teams Free users from chatting and calling others. A recently deployed backend change is skipping onboarding and privacy consent screens for affected users, leaving profiles incomplete and causing them to appear as 'Unknown users' to others. Microsoft has flagged the incident as an service degradation, says first reports emerged on April 8, and plans another status update later today.
read more →

Microsoft to Deprecate Legacy TLS for Exchange Online

🔒 Microsoft will block legacy TLS connections for POP and IMAP access to Exchange Online starting July 2026, deprecating TLS 1.0 and TLS 1.1. Connections that attempt to use those versions will fail, which may prevent older email clients, devices, or embedded systems from connecting. The company says most customers won't be affected because the majority of traffic already uses TLS 1.2 or later. Administrators are advised to verify client configurations, update custom or legacy systems, and avoid legacy endpoints to prevent disruption.
read more →

Microsoft: New Remote Desktop Warnings Display Issue

⚠ Microsoft confirmed a display bug causing newly introduced Windows security warnings to render incorrectly when opening Remote Desktop (RDP) files. The issue affects all supported Windows releases updated in April 2026 (including Windows 11 KB5083768 & KB5083769, Windows 10 KB5082200, and Windows Server KB5082063) and appears when multiple monitors use different scaling settings, producing overlapping text and misplaced buttons. These dialogs — deployed to warn users about unsigned or unverified RDP files and to show resource redirection settings — can become difficult or impossible to interact with until Microsoft provides a fix.
read more →

Microsoft asks iPhone users to re-enter Outlook creds

📧 Microsoft has asked iPhone users to manually re-enter credentials in the default Mail app to restore access to Outlook and Hotmail accounts after a global sign-in outage. The company reported intermittent sign-in failures and some users being signed out or seeing "too many requests" errors, attributing the disruption to a "recently introduced change." Service health was reported as restored around 7 PM UTC, but iOS users must follow a step-by-step procedure in Settings → Mail → Accounts to update passwords. Microsoft has not disclosed the outage's root cause, scale, or affected regions.
read more →

Microsoft: Active Exploitation of Windows Shell Bug

🛡️ Microsoft confirmed active exploitation of a patched Windows Shell vulnerability, CVE-2026-32202, after correcting its advisory metadata. The flaw is a spoofing/authentication-coercion issue (CVSS 4.3) that can disclose sensitive information and was addressed in April Patch Tuesday. Akamai researcher Maor Dahan links the defect to an incomplete February fix for CVE-2026-21510 and says an APT28 campaign weaponized LNK/CPL/UNC/SMB chains to harvest credentials.
read more →

Microsoft Fixes Agent ID Administrator Role Privilege Flaw

🔒 Researchers at Silverfort discovered that Microsoft’s Agent ID Administrator role could modify and take ownership of unrelated service principals, allowing role holders to create credentials and authenticate as compromised applications. The flaw stemmed from scope enforcement failing in the Agent Identity Platform, where agent identities share primitives with applications. Microsoft deployed a fix by April 9, 2026; organizations should audit role assignments and service principal ownership and monitor for unexpected changes.
read more →

Microsoft: Outlook.com outage causes sign‑in failures

📧 Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent sign‑in failures and unexpected sign‑outs for some users. A high volume of reports on Downdetector indicate many customers are seeing connection problems and too many requests errors when attempting to access mailboxes. Microsoft says client sign‑in scenarios may be contributing and is validating interactions across service components. The company has flagged the incident as a service degradation but has not disclosed a root cause or affected regions.
read more →

Microsoft revamps Windows Insider Program channels

🛠️ Microsoft is rolling out a revamped Windows Insider Program to simplify channel structure and improve transparency around feature availability. The company is merging Dev and Canary into a new Experimental channel for high-risk or potentially non-shipping work, while maintaining an updated Beta channel where features in release notes will be broadly available without gradual rollouts. Experimental items may be gated behind Feature flags that users can toggle in Settings, and Microsoft is migrating Insiders in phases while shipping several preview builds and an updated Windows Update experience to give users more control over updates and reboots.
read more →

Windows Update adds controls to reduce forced restarts

🔧 Microsoft is rolling out Windows Update improvements to give users more control over update timing and reduce disruptive restarts. Insiders will see options to skip updates during OOBE, select specific pause dates via a calendar for up to 35 days, and separate standard power actions from update-triggering commands. Driver, .NET, and firmware updates will be consolidated with monthly quality updates to minimize reboots, while users can still opt to install specific updates earlier.
read more →

Microsoft to Deploy Entra Passkeys on Windows in Late April

🔐 Microsoft will roll out Entra passkey support for phishing‑resistant passwordless authentication on Windows devices starting in late April, with general availability expected by mid‑June 2026. The capability enables device‑bound FIDO2 passkeys stored in the Windows Hello container and used via face, fingerprint, or PIN on corporate, personal, and shared devices, including unmanaged Windows machines. Administrators can control rollout and access through Conditional Access and Authentication Methods policies.
read more →

Admins Can Now Uninstall Copilot from Windows 11 Enterprise

🛠️ Microsoft now allows IT administrators to uninstall the AI-powered Microsoft Copilot app from managed enterprise devices using the new RemoveMicrosoftCopilotApp policy setting, broadly available after the April 2026 Patch Tuesday. The setting is provided as a Policy CSP and Group Policy for endpoints managed via Microsoft Intune or SCCM, and applies only to Windows 11 25H2 devices where both Microsoft 365 Copilot and Microsoft Copilot are installed, the user did not install the Copilot app, and it has not been launched in the last 28 days. If enabled, the app will be uninstalled in a non-disruptive way; users can still re-install it if they choose.
read more →

OpenAI GPT-5.5 in Microsoft Foundry for Enterprise Use

🚀 GPT-5.5 is being made generally available in Microsoft Foundry, enabling enterprises to run OpenAI's latest frontier model for production agentic workflows. The model brings deeper long-context reasoning, improved agentic execution, higher computer-use accuracy, and better token efficiency. Foundry supplies governance, identity isolation, persistent sandboxes, and integrations to evaluate and scale agents securely.
read more →

Amazon Quick Adds Document-Level SharePoint ACLs Support

🔒 Amazon Quick now supports document-level access controls (ACLs) for Microsoft SharePoint knowledge bases, allowing organizations to preserve native SharePoint permissions when indexing content. Quick uses a dual approach—ACL replication for fast pre-retrieval filtering paired with real-time permission checks against SharePoint at query time—to avoid stale or incorrectly mapped access. Administrators can enable this in an admin-managed SharePoint knowledge base in the Quick console; the feature is available in all Regions where Quick is offered.
read more →

UNC6692: Social Engineering and Custom SNOW Malware

🔒 UNC6692 used persistent social engineering to lure victims via Microsoft Teams, delivering a staged payload that installed an AutoHotkey loader and a malicious Chromium extension (SNOWBELT) from attacker-controlled AWS S3. The intruders deployed a modular suite — SNOWBELT, SNOWGLAZE, and SNOWBASIN — to establish WebSocket tunnels, local HTTP backdoors, and stealthy proxying for lateral movement. The campaign combined credential theft, LSASS and NTDS extraction, and exfiltration to cloud services, highlighting the need to monitor browser extensions and cloud egress.
read more →

Microsoft: Edge update prevents some Teams meeting joins

⚠️ Microsoft confirmed a recent Microsoft Edge update introduced a regression preventing some Windows users from joining scheduled Microsoft Teams meetings or meetings launched via links. The company advised impacted users to restart the Teams client as a temporary workaround while engineers analyze diagnostic data and monitor recent service changes. Microsoft classified the incident as an advisory and has not disclosed affected regions or user counts.
read more →

GopherWhisper APT Abuses Outlook, Slack, Discord in Attacks

🔐 A previously undocumented state-linked threat cluster dubbed GopherWhisper has been observed using a Go-based toolkit and legitimate services such as Microsoft 365 Outlook (via the Microsoft Graph API), Slack, and Discord to perform command-and-control and payload delivery. ESET identified the campaign targeting a Mongolian government entity and uncovered multiple backdoors — including LaxGopher, RatGopher, and BoxOfFriends — plus an exfiltration utility that uploads stolen archives to file.io. Analysts recovered thousands of Slack and Discord messages from attacker accounts, and telemetry including UTC+8 activity helped link the group to China.
read more →

CISA Orders Patching of Microsoft Defender BlueHammer Flaw

🔒 CISA has ordered federal agencies to urgently patch a high-severity Microsoft Defender privilege escalation vulnerability tracked as CVE-2026-33825 and publicly dubbed BlueHammer, after evidence of active exploitation. Microsoft released a patch on April 14 following public disclosure and proof-of-concept code published by a researcher using the handle 'Chaotic Eclipse', who also revealed related Defender issues. Huntress Labs reported attacks showing hands‑on‑keyboard activity and suspicious FortiGate SSL VPN access tied to a Russia‑geolocated IP. Agencies must apply mitigations or update systems within two weeks, with a compliance deadline of May 7.
read more →

Microsoft Adds Anthropic Mythos to SDLC, Boosts Security

🔒 Microsoft will integrate Anthropic’s Mythos Preview into its Security Development Lifecycle, using the model alongside other advanced AI to surface vulnerabilities earlier in the software development process. The company says the move aims to strengthen and harden core products including Windows, Azure, and Microsoft 365 by improving automated detection and secure coding. Analysts note the shift signals frontier models moving from experimental tools into standard engineering workflows while raising dual-use concerns.
read more →

Microsoft issues out-of-band patch for ASP.NET Core flaw

🔒 Microsoft released an out-of-band fix after an April 14 .NET update (10.0.6) introduced a critical regression in the ASP.NET Core Data Protection NuGet package (CVE-2026-40372, CVSS 9.1). A bug in the ManagedAuthenticatedEncryptor caused HMAC validation tags to be computed with an incorrect offset, allowing forged cookies and tokens to be treated as valid. Developers should upgrade to 10.0.7, rebuild embedded apps (including Docker images), expire affected cookies and tokens, and rotate protection keys to remove potential forgeries.
read more →