All news with #microsoft tag

Wed, October 1, 2025

Microsoft Agent Framework Brings Multi-Agent Tooling

🤖 The Microsoft Agent Framework is now in public preview inside Azure AI Foundry, offering an open-source SDK and runtime to simplify orchestration of multi-agent systems. Developers can prototype locally and deploy with built-in observability, durability, and compliance while integrating tools via OpenAPI, Agent2Agent (A2A), and the Model Context Protocol (MCP). Microsoft also previews stateful multi-agent workflows and has contributed multi-agent tracing standards to OpenTelemetry. Responsible AI controls and a generally available Voice Live API add governance and real-time voice capabilities for enterprise scenarios.

Wed, October 1, 2025

Microsoft Media Creation Tool Fails on Windows 11 ARM64

⚠️ Microsoft has confirmed that the Windows 11 Media Creation Tool (version 26100.6584), released on September 29, 2025, may not run on devices with Arm64 processors after the Windows 11 25H2 rollout. Affected users report an error that reads, "We're not sure what happened, but we're unable to run this tool on your PC," blocking creation of bootable installation media. Microsoft says the tool does not support creating media for Arm64 devices and that the normally available ability for Arm64 systems to produce x64 media is also failing. As a temporary workaround, Microsoft recommends using a PC with an AMD64 processor to create installation media while it investigates and prepares a fix.

Tue, September 30, 2025

Windows 11 25H2 (2025 Update) Now Generally Available

ℹ️ Windows 11 25H2 (2025 Update) is now generally available. The minor release shares the same platform as 24H2 and is rolled out gradually, with devices on 24H2 updated via small enablement packages (<200 KB) while systems on 23H2 receive a full OS swap. Enterprise-focused changes include Wi‑Fi 7 support, improved vulnerability detection, and an optional Group Policy to remove select preinstalled Store apps. Microsoft also removed legacy tools such as PowerShell 2.0 and WMIC.

Tue, September 30, 2025

Microsoft Partially Resolves DRM Video Playback Issue

🔧 Microsoft says it has partially resolved an issue that caused DRM-protected video playback failures on Windows 11 24H2 systems after the August preview update (KB5064081) or later. Affected applications using Enhanced Video Renderer with HDCP enforcement or DRM for digital audio experienced freezes, black screens, and copyright protection errors. The September preview update KB5065789 contains fixes, though Microsoft warns some audio DRM problems may continue for certain applications.

Tue, September 30, 2025

Microsoft Sentinel: Agentic Platform for Defenders Now

🛡️ Microsoft announced expanded agentic security capabilities in Microsoft Sentinel, including the general availability of the Sentinel data lake and public preview of Sentinel Graph and the Model Context Protocol (MCP) server to enable AI agents to reason over unified security data. Sentinel ingests structured and semi-structured signals, builds vectorized, graph-based context, and integrates with Microsoft Defender and Microsoft Purview. Security Copilot now offers a no-code agent builder and developer workflows via VS Code/GitHub Copilot, while enhanced governance controls (Entra Agent ID, PII guardrails, prompt shields) aim to secure agent lifecycles.

Tue, September 30, 2025

Microsoft Expands Sentinel into Agentic Security Platform

🔒 Microsoft announced the general availability of the Sentinel data lake and public previews of Sentinel Graph and the Sentinel Model Context Protocol (MCP) server. The release broadens Sentinel from a traditional SIEM into a unified, agentic security platform designed to ingest and correlate structured and semi-structured signals at scale. It is intended to give AI agents such as Security Copilot and developer tools in VS Code with GitHub Copilot richer contextual access for detection, retroactive hunting, and automated response while integrating with Defender and Purview.

Tue, September 30, 2025

Windows 11 KB5065789: 41 fixes and new AI actions now

🛠 Microsoft released the optional preview cumulative update KB5065789 for Windows 11 24H2 (build 26100.6725), delivering 41 non-security changes and fixes. Highlights include new AI actions in File Explorer, an updated Click to Do menu, an Administrator Protection Preview, and passkey plugin integration. The update addresses high CPU usage in Windows Sandbox (VmmemCMFirstBoot), WSUS-related update failures, Windows Hello 0x80090010 errors on Entra ID–joined devices, HDR and Hyper-V TPM issues, and gaming performance with overlays. Microsoft lists a known DRM-related playback issue; install via Settings > Windows Update or the Microsoft Update Catalog.

Mon, September 29, 2025

Grok 4 Arrives in Azure AI Foundry for Business Use

🔒 Microsoft and xAI have brought Grok 4 to Azure AI Foundry, combining a 128K-token context window, native tool use, and integrated web search with enterprise safety controls and compliance checks. The release highlights first-principles reasoning and enhanced problem solving across STEM and humanities tasks, plus variants optimized for reasoning, speed, and code. Azure AI Content Safety is enabled by default and Microsoft publishes a model card with safety and evaluation details. Pricing and deployment tiers are available through Azure.

Mon, September 29, 2025

Microsoft Blocks Phishing Using AI-Generated Code Tactics

🔒 Microsoft Threat Intelligence stopped a credential phishing campaign that likely used AI-generated code to hide a payload inside an SVG file disguised as a PDF. Attackers sent self-addressed emails from a compromised small-business account, hiding real targets in the Bcc field and attaching a file named "23mb – PDF- 6 pages.svg." Embedded JavaScript decoded business-style obfuscation to redirect victims to a fake CAPTCHA and a fraudulent sign-in page, and Microsoft Defender for Office 365 blocked the campaign by flagging delivery patterns, suspicious domains and anomalous code behavior.

Mon, September 29, 2025

UNC6040: Proactive Hardening for SaaS and Salesforce

🔒 Google Threat Intelligence Group (GTIG) tracks UNC6040, a financially motivated cluster that uses telephone-based social engineering to compromise SaaS environments, primarily targeting Salesforce. Operators trick users into authorizing malicious connected apps—often a fake Data Loader—to extract large datasets. The guidance prioritizes identity hardening, strict OAuth and API governance, device trust, and targeted logging and SIEM detections to identify rapid exfiltration and cross‑SaaS pivots.

Mon, September 29, 2025

Microsoft Warns of LLM-Crafted SVG Phishing Campaign

🛡️ Microsoft flagged a targeted phishing campaign that used AI-assisted code to hide malicious payloads inside SVG files. Attackers sent messages from a compromised business account, employing self-addressed emails with hidden BCC recipients and an SVG disguised as a PDF that executed embedded JavaScript to redirect users through a CAPTCHA to a fake login. Microsoft noted the SVG's verbose, business-analytics style — flagged by Security Copilot — as likely produced by an LLM. The activity was limited and blocked, but organizations should scrutinize scriptable image formats and unusual self-addressed messages.

Sat, September 27, 2025

Fake Microsoft Teams Installer Delivers Oyster Backdoor

⚠️ Blackpoint SOC observed a malvertising and SEO-poisoning campaign that directs searches for Teams downloads to a fake site at teams-install[.]top offering a malicious MSTeamsSetup.exe. The signed installer uses certificates from "4th State Oy" and "NRM NETWORK RISK MANAGEMENT INC" to appear legitimate, then drops CaptureService.dll into %APPDATA%\Roaming and creates a scheduled task CaptureService to run every 11 minutes. The payload installs the Oyster backdoor. Administrators should download software only from verified vendor domains and avoid clicking search ads.

Fri, September 26, 2025

Microsoft Photos adds AI Auto-Categorization on Windows

🤖 Microsoft is testing a new AI-powered Auto-Categorization capability in Microsoft Photos on Windows 11, rolling out to Copilot+ PCs across all Windows Insider channels. The feature automatically groups images into predefined folders — screenshots, receipts, identity documents, and notes — using a language-agnostic model that recognizes document types regardless of image language. Users can locate categorized items via the left navigation pane or Search bar, manually reassign categories, and submit feedback to improve accuracy. Microsoft has not yet clarified whether image processing happens locally or is sent to its servers.

Fri, September 26, 2025

Microsoft temporary fix for Outlook encrypted errors

🔧 Microsoft is investigating a known issue that prevents users of the classic Outlook for Windows from opening OMEv2-encrypted emails sent from a different organization, producing the error message "Configuring your computer for Information Rights Management." As a temporary workaround, administrators can either exclude external users from Conditional Access requirements or enable cross-tenant trust for MFA claims in the Microsoft Entra admin center. Enabling cross-tenant trust is the recommended and easiest option, but both sending and receiving tenants must apply it for full cross-tenant compatibility.

Fri, September 26, 2025

Microsoft Edge to Revoke Malicious Sideloaded Extensions

🔒 Microsoft will add a security feature to Edge that detects and revokes malicious sideloaded extensions. The protection targets extensions installed via Developer Mode or other local sideloading methods that bypass the Microsoft Edge Add-ons vetting process. Microsoft plans a worldwide rollout in November for standard multi-tenant instances, aiming to reduce large-scale extension abuse and forced-install campaigns.

Fri, September 26, 2025

Microsoft issues final Windows 10 22H2 preview update

🔧 Microsoft released the final non-security preview update for Windows 10 22H2 (KB5066198), delivering fixes for the out-of-box experience and SMBv1 connectivity over NetBIOS over TCP/IP (NetBT). This optional cumulative update lets administrators test improvements before they roll into the next month’s Patch Tuesday and raises systems to build 19045.6396. KB5066198 also resolves an Autopilot Enrollment Status Page (ESP) OOBE loading issue and includes prior fixes for unexpected UAC prompts and NDI streaming performance regressions. Install via Windows Update by choosing 'Download and install' for optional updates or obtain the package from the Microsoft Update Catalog.

Thu, September 25, 2025

Microsoft Marketplace: Unified Cloud and AI Solutions

🚀 The reimagined Microsoft Marketplace is a unified destination to find, try, buy and deploy cloud solutions, AI apps and agents, combining Azure Marketplace and Microsoft AppSource. It lists tens of thousands of offerings and more than 3,000 AI apps and agents with rapid provisioning into Microsoft environments using Model Context Protocol (MCP). Integrations with CSPs and channel partners support private offers, a resale-enabled preview and governance for enterprise deployment.

Thu, September 25, 2025

Microsoft to Provide Free Windows 10 Security Updates in EEA

🛡️ Microsoft will provide no-cost Extended Security Updates (ESU) for Windows 10 consumer users across the European Economic Area (EEA). The company adjusted enrollment so consumers can access critical patches without tying updates to Windows Backup or Microsoft Rewards, following pressure from Euroconsumers. Microsoft says the change aims to support customers transitioning to Windows 11 before Windows 10 reaches end of support on October 14, 2025.

Thu, September 25, 2025

Global Harms of Restrictive Cloud Licensing: One Year

⚖️ A year after Google Cloud filed a formal complaint with the European Commission, restrictive cloud licensing by Microsoft remains entrenched and, according to recent disclosures, appears to be intensifying. Microsoft has described efforts to drive customers to Azure as a core growth pillar, while new licensing changes due at the end of September further restrict managed service providers from hosting workloads on competing clouds. Regulators such as the U.K.'s CMA have found these policies harm customers, competition, innovation, and cybersecurity, and multiple global authorities are now scrutinizing the practices.

Thu, September 25, 2025

Chinese Backdoor Grants Year-Long Access to US Firms

🔐 Chinese state-linked actors deployed a custom Linux/BSD backdoor called BRICKSTORM on network edge appliances to maintain persistent access into U.S. legal, technology, SaaS and outsourcing firms. These implants averaged 393 days of undetected dwell time and were used to pivot to VMware vCenter/ESXi hosts, Windows systems, and Microsoft 365 mailboxes. Mandiant and Google TAG attribute the activity to UNC5221 and have released a scanner and hunting guidance to locate affected appliances.
