< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 12 of 42

AI-Powered Defense for an AI-Accelerated Threat Landscape

🛡️ Microsoft outlines how defenders can harness AI to counter an accelerating threat environment. Through Project Glasswing and partnerships with model providers such as Anthropic, Microsoft tested Claude Mythos Preview against the CTI-REALM benchmark and observed meaningful detection improvements. The company plans to integrate advanced models into its Security Development Lifecycle, deploy rapid Defender detections, and share protections through MSRC and MAPP. The Secure Now exposure-management experience is available today, and a multi-model scanning harness is expected in preview in June 2026.
read more →

Microsoft Discovery: Agentic R&D at Enterprise Scale

🔬 Microsoft Discovery is an extensible platform that brings agentic orchestration, advanced reasoning, a graph-based knowledge foundation, and high-performance computing to enterprise R&D. It equips specialized agents to reason across proprietary data and external literature, generate hypotheses, and validate them through simulation and lab integrations under centralized governance. Built on Azure, the platform emphasizes security, compliance, partner interoperability, and enterprise-grade controls while remaining in preview.
read more →

Microsoft Teams adds Efficiency Mode for low-resource PCs

⚙️ Microsoft is rolling out an Efficiency Mode for Teams on Windows and Mac to improve responsiveness on devices with constrained CPU and memory. Enabled by default on eligible systems, the mode dynamically reduces camera resolution during meetings, launches the app without a pre-selected chat, and displays a static image in the message pane. The change begins in early May 2026 and will complete by mid-May. Users can opt out via Settings > General by toggling on "Never use efficiency mode," and Teams will display an indicator when the mode is active.
read more →

CISA Adds One Vulnerability to KEV Catalog After Exploitation

⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-33825, an Microsoft Defender access-control issue characterized by insufficient granularity and identified as being actively exploited. The agency emphasizes that this class of flaw is a frequent attack vector and presents significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the prescribed due date, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Microsoft Graph API Bug Disrupts Universal Print Shares

⚠️ Microsoft has traced an ongoing Universal Print sharing failure to a code change in the Microsoft Graph API, which increased Entra ID directory replication latency and exposed a pre-existing race condition that causes intermittent “Sharing Print Failed” errors when creating certain printer shares. The issue (UP1287359) affects shares created with the "Allow all users in my organization" toggle or when specific users/groups are selected. Microsoft is deploying a corrective code change and published a 13-step workaround that involves creating the share without assigning members initially, waiting for propagation, and then adding users or security groups manually.
read more →

Microsoft Issues Patch for Critical ASP.NET Core Flaw

🔒 Microsoft released an out-of-band update to address a high-severity privilege-escalation flaw in ASP.NET Core tracked as CVE-2026-40372 (CVSS 9.1). A regression in Microsoft.AspNetCore.DataProtection 10.0.0–10.0.6 allowed the managed encryptor to compute HMAC validation over incorrect payload bytes, enabling forged payloads to pass authenticity checks and potentially grant SYSTEM-level access on non-Windows hosts. Microsoft fixed the issue in ASP.NET Core 10.0.7 and warned tokens issued during the vulnerable window remain valid until the DataProtection key ring is rotated.
read more →

Microsoft issues emergency patches for ASP.NET flaw

🔒 Microsoft has released out-of-band updates to fix a critical ASP.NET Core privilege escalation vulnerability (CVE-2026-40372) in the ASP.NET Core Data Protection APIs. A regression in the Microsoft.AspNetCore.DataProtection 10.0.0–10.0.6 packages caused HMAC validation to be computed over the wrong bytes, allowing forged auth cookies and decryption of protected payloads. Developers should update to 10.0.7, redeploy, and rotate DataProtection key rings to invalidate tokens issued during the vulnerable window.
read more →

Azure Accelerate for Databases: Modernize Data for AI

🚀 Azure Accelerate for Databases is a Microsoft program that helps organizations modernize database estates to become AI-ready. It bundles a Savings Plan (up to 35% vs. pay-as-you-go), delivery funding, Azure credits, zero-cost Cloud Accelerate Factory support, partner services, AI-enhanced assessments, and role-based skilling. The offering aims to reduce friction and speed migrations at scale. Microsoft highlights Thomson Reuters’ migration of over 18,000 databases as a customer example.
read more →

State-Sponsored & Phishing Trends: Printers, M365 Risks

🔍 This podcast episode examines the 2025 Talos Year in Review, highlighting a sharp increase in internal phishing that evades traditional perimeter defenses. Hosts Amy Ciminnisi and Martin Lee explain how Microsoft 365's Direct Send feature has been broadly weaponized to deliver trusted-looking internal mail. They also unpack blended state-sponsored campaigns from China and North Korea that pair zero-day exploitation with advanced social engineering.
read more →

Phishing and MFA Exploitation: Targeting Trust in Workflows

🔐 In 2025 attackers increased focus on weaknesses in multi-factor authentication (MFA) and the trust inherent in everyday workflows, with phishing used for initial access in 40% of incidents. Cascaded phishing leveraged compromised, legitimate accounts to craft highly convincing lures, while abuse of Microsoft 365 Direct Send enabled internal-looking spoofed messages. MFA spray attacks and device compromise—driven by voice phishing against administrators—targeted IAM tools and high-turnover device ecosystems, with higher education notably impacted. Defenders should harden device management, enforce strong lockout and conditional access policies, and adopt email protections such as Reject Direct Send and tightened SPF/DMARC.
read more →

Designing Systems to Thwart Opportunistic Cyberattacks

🔐 Microsoft Deputy CISO Ilya Grebnov outlines practical steps to make opportunistic cyberattacks harder by design. He emphasizes credential elimination using managed identities and federated tokens, paired with endpoint reduction to move services off the public internet. The article further advocates platform engineering—paved paths, policy-as-code, and centralized core services—to enforce consistent secure defaults and reduce the attack surface at scale.
read more →

Teams abused for helpdesk impersonation, warns Microsoft

🔒 Microsoft warns that threat actors are increasingly abusing external Microsoft Teams collaboration to impersonate IT or helpdesk staff and gain remote access. Attackers initiate cross-tenant chats to request remote assistance—commonly via Quick Assist—then perform reconnaissance and deploy small payloads into user-writable locations. They abuse trusted, signed applications for execution and use HTTPS-based C2 and tools like Rclone to exfiltrate filtered, high-value data, often blending into normal traffic. Administrators are urged to treat external Teams contacts as untrusted, restrict remote-assistance tools, and limit WinRM usage.
read more →

Attackers Use Microsoft Teams to Impersonate IT Support

🔒 Microsoft warns that attackers are exploiting Microsoft Teams cross-tenant features to impersonate IT helpdesk staff and trick employees into granting remote control. The cross-tenant helpdesk impersonation playbook leverages real-time chats, social engineering, and legitimate remote-support tools so access appears user-approved and avoids typical malware detections. Organizations are urged to tighten external access, restrict support workflows, enforce Zero Trust controls, and improve behavioral monitoring.
read more →

Microsoft Trials File Explorer Speed and Performance Boosts

⚡Microsoft is rolling out a set of File Explorer enhancements to Windows 11 Insiders that aim to improve launch speed and overall performance. While implementation details are limited, the company earlier tested optional background preloading to accelerate startup times and offers a toggle to disable that behavior. The update also improves reliability around stopping explorer.exe after closing windows and expands fixes for bright white flashes in dark mode. A new full-screen Xbox mode is available as well; changes are arriving for Release Preview Insiders on Builds 26100.8313 and 26200.8313 (KB5083631).
read more →

Microsoft Reverts Update That Broke Teams Desktop Launches

🔧 Microsoft has reverted a service update that prevented some customers from launching the Microsoft Teams desktop client, leaving affected users stuck on a loading screen with the error “We're having trouble loading your message. Try refreshing.” The vendor traced the failure to a transient service infrastructure issue and a regression in the client build caching system. Microsoft says its automated recovery system remediated the impact and advises users to fully quit and restart Teams so the fix can propagate.
read more →

Microsoft issues emergency Windows Server OOB updates

⚠️Microsoft has released out-of-band updates to address multiple issues affecting Windows Server systems after the April 2026 cumulative patches. An installation failure impacting KB5082063 on Windows Server 2025 and LSASS crashes that can force domain controllers into restart loops are the primary problems. Microsoft published OOB fixes for Server 2025 (KB5091157) — which resolves both issues — and separate updates for 23H2, 2022, 2019, 2016 and Azure hotpatch editions; some Server 2025 devices may also enter BitLocker recovery after KB5082063.
read more →

Edge Update Breaks Right-Click Paste in Microsoft Teams

🔧 A recent Microsoft Edge update introduced a code regression that breaks right-click paste in the Microsoft Teams desktop client, leaving the Paste option greyed out in chat context menus. Microsoft advises using keyboard shortcuts (Ctrl+C/Ctrl+V on Windows, Cmd+C/Cmd+V on macOS) as an immediate workaround. The company says it identified the cause in Edge and is rolling out a staged fix while monitoring telemetry.
read more →

Cross‑tenant helpdesk impersonation and exfiltration

🔐 Microsoft Defender Security Research outlines a human-operated intrusion playbook where attackers abuse cross-tenant Microsoft Teams collaboration to impersonate IT/helpdesk staff and socially engineer users into granting remote assistance. With user consent, adversaries gain interactive access via Quick Assist or similar tools, then execute attacker modules by side-loading them into trusted vendor-signed applications. The chain leverages native administrative protocols such as WinRM and commercial RMM tooling to move laterally and stage sensitive business data for exfiltration. Microsoft Defender provides correlated identity, endpoint, and collaboration telemetry to surface and disrupt this pathway.
read more →

Three Microsoft Defender Zero-Days Exploited in the Wild

🔒 Huntress warns that threat actors are actively exploiting three recently disclosed Microsoft Defender vulnerabilities — codenamed BlueHammer, RedSun, and UnDefend — to gain elevated privileges and disrupt defenses. Microsoft addressed BlueHammer in this week's Patch Tuesday as CVE-2026-33825, but RedSun and UnDefend remain unpatched and have PoCs observed in the wild. Huntress reported weaponization beginning April 10 for BlueHammer and April 16 for RedSun and UnDefend, and said it isolated affected environments while investigating post-exploitation activity.
read more →

RedSun exploit abuses Microsoft Defender to gain SYSTEM

🛡️ A new proof-of-concept called RedSun demonstrates that Microsoft Defender can be manipulated to overwrite protected system files and escalate privileges to SYSTEM on Windows 10 and 11 systems with cloud files features enabled. The exploit leverages Defender’s special handling of cloud-tagged files, which can trigger a rewrite to disk during remediation, allowing attackers to influence timing and destination. Researchers reproduce the issue using the Cloud Files API, oplocks, Volume Shadow Copy race conditions, and directory junctions; detection is limited and Microsoft has not yet commented.
read more →