
All news with #microsoft tag

Wed, September 24, 2025

Retail at Risk: Single Alert Reveals Persistent Threat

🔍 A single Microsoft Defender alert triggered an investigation that uncovered a persistent cyberthreat against retail customers. Attackers exploited unpatched SharePoint flaws CVE-2025-49706 and CVE-2025-49704 using obfuscated ASPX web shells while also compromising identities through self-service password reset abuse and Microsoft Entra ID reconnaissance. DART swiftly contained the intrusions—removing web shells, isolating Entra ID, deprivileging accounts, and recommending Zero Trust measures, MFA enforcement, timely patching, and EDR deployment.


Wed, September 24, 2025

Brickstorm: Long-term Go-based Backdoor Targets US Orgs

🔒 Google researchers report suspected China-linked operators used a Go-based backdoor named Brickstorm to persistently exfiltrate data from U.S. technology, legal, SaaS and BPO organizations, with an average dwell time of 393 days. Brickstorm operated as a web server, file dropper, SOCKS relay and remote command executor while masquerading traffic as legitimate cloud services and targeting edge appliances that often lack EDR. GTIG attributes the activity to UNC5221, a cluster linked to Ivanti zero-day exploitation and custom tools like Spawnant and Zipline. Mandiant published a scanner with YARA rules but cautioned it may not detect all variants or persistence mechanisms.


Wed, September 24, 2025

AI-Obfuscated SVG Phishing Campaign Detected and Blocked

🔍 Microsoft Threat Intelligence detected and blocked a credential-phishing campaign that likely leveraged AI-generated code to obfuscate its payload inside an SVG attachment. The malicious SVG imitated a PDF and hid JavaScript within invisible, business-themed elements and a long sequence of business terms that the embedded script decoded into redirects, browser fingerprinting, and session tracking. Microsoft Defender for Office 365 blocked the activity by correlating infrastructure, behavioral, and message-context signals, while Security Copilot flagged the code as likely LLM-generated.


Tue, September 23, 2025

Microsoft Purview Study: 30% Reduction in Breach Risk

🔒 The Forrester Total Economic Impact™ study commissioned by Microsoft found that Microsoft Purview reduced the likelihood of data breaches by 30% for a composite organization, yielding more than $225,000 in annual savings from avoided incidents and fines. The report credits unified governance, automated classification, and fine‑tuned DLP policies with a 75% reduction in investigation time and 75% time savings for users searching and classifying data. Over three years the study shows $3.0M in benefits versus $633,000 in costs (NPV $2.3M; ROI 355%).


Tue, September 23, 2025

Azure Cobalt 100 VMs Deliver Performance and Efficiency

⚡ Azure's in-house Arm-based Cobalt 100 VMs are now live in 29 regions and designed to deliver higher performance, energy efficiency, and lower costs for a broad set of cloud workloads. Customers and platform vendors — including Databricks, Snowflake, Siemens, and Temenos — report measurable throughput and price-performance gains, while Microsoft services like Teams and Defender for Endpoint show meaningful internal improvements. The post presents these results as validation of an end-to-end systems strategy that couples custom silicon with infrastructure-level optimization.


Tue, September 23, 2025

Free IGA for SMBs: Streamline Access and Governance

🔒 Tenfold’s Community Edition offers a free, full-featured Identity Governance & Administration (IGA) platform for organizations of up to 150 users. Its no-code interface enables automated role-based onboarding and offboarding using configurable profiles, and supports self-service password resets and access requests with customizable approval workflows. The solution analyzes Active Directory, SharePoint and Microsoft 365 permissions, helps identify unwanted external sharing, and automates scheduled access reviews to reduce privilege creep and IT helpdesk workload.


Tue, September 23, 2025

AWS License Manager Adds Shared Managed Active Directory

🔁 AWS License Manager now supports shared AWS Managed Active Directory across multiple AWS accounts, enabling centralized management of Microsoft product subscriptions. Customers can subscribe once in a single admin account and extend those subscriptions to directory consumer accounts across their AWS Organization. This reduces duplicate directories and IT overhead and is available in all commercial regions where License Manager user subscription is supported.


Tue, September 23, 2025

Microsoft accelerates migration and modernization with AI

🔧 Microsoft outlined a set of agentic AI tools to speed migration and modernization across applications and data. GitHub Copilot now automates Java and .NET upgrades and end-to-end app modernization flows, while Azure Migrate adds AI-driven guidance, connected Copilot workflows, and broader application-awareness. The Azure Accelerate program pairs expert deployment support and funding to reduce friction and help teams move projects faster.


Mon, September 22, 2025

Microsoft Removes Windows 11 24H2 Safeguard Hold After Fix

🔧 Microsoft removed a compatibility hold that prevented devices with integrated cameras from installing Windows 11, version 24H2 after fixing a face/object detection bug that could cause the Camera app, Windows Hello facial sign-in, and other camera-using apps to freeze. The safeguard (ID 53340062) has been lifted; eligible devices with no other holds should be offered the update via Windows Update within 48 hours, and restarting may speed the offer. Microsoft recommends installing the latest security update, which includes the fix.


Mon, September 22, 2025

Microsoft: Updates Causing DRM Video Playback Issues

🎬 Microsoft confirmed a known issue that prevents some apps from playing DRM-protected video content or from displaying and recording live TV on Windows 11 24H2 systems after installing the August non-security preview update (KB5064081) or later. Applications using Enhanced Video Renderer with HDCP enforcement or DRM for digital audio may encounter copyright protection errors, frequent playback interruptions, freezing, or black screens. The vendor is working on a fix that will be delivered in a future Windows update.


Mon, September 22, 2025

Major EDR Vendors Withdraw from MITRE ATT&CK Tests

🔍 Three major cybersecurity vendors — Microsoft, SentinelOne and Palo Alto Networks — have declined to participate in the 2025 MITRE Engenuity ATT&CK Evaluations: Enterprise, citing a need to prioritize product development and innovation. Their exits, after strong 2024 performances, have sparked debate over the tests' scope and whether they encourage PR-driven preparation. MITRE says it will revive a vendor forum for 2026 to improve engagement.


Mon, September 22, 2025

Microsoft Fixes Entra ID Token Flaw Allowing Impersonation

🔒 Microsoft has patched a critical token validation failure in Entra ID (formerly Azure AD), tracked as CVE-2025-55241 and assigned a CVSS score of 10.0. The flaw combined misused service-to-service (S2S) actor tokens issued by the Access Control Service (ACS) with a validation gap in the legacy Azure AD Graph API that enabled cross-tenant impersonation, including Global Administrators. Microsoft released a fix on July 17, 2025 and said no customer action is required; there is no indication the issue was exploited in the wild. Security firms warned the vulnerability could bypass MFA, Conditional Access and logging, potentially enabling full tenant compromise.


Sun, September 21, 2025

Microsoft Entra ID Flaw Could Allow Tenant-Wide Hijack

🔒 A critical token validation flaw in Microsoft Entra ID could permit full tenant compromise by abusing undocumented, unsigned actor tokens issued by a legacy Access Control Service. Researcher Dirk-jan Mollema showed that when paired with a vulnerability in the deprecated Azure AD Graph API (CVE-2025-55241) those tokens could impersonate any user — including Global Administrators — across tenants without leaving tenant logs. Microsoft confirmed a fix after the July report and later patched the CVE.


Fri, September 19, 2025

Microsoft Rolls Out Gaming Copilot to Windows 11 PCs

🎮 Microsoft has begun a beta rollout of Gaming Copilot to Windows 11 PCs for users aged 18 and older outside mainland China. Integrated into the Game Bar via the Xbox PC app (Win+G), the assistant offers a Voice Mode for in‑game help, game recommendations, achievement checks and play‑history insights. Microsoft plans to push the feature to the Xbox mobile app on iOS and Android in October. Users can remove the widget from the Game Bar via Settings if they prefer.


Fri, September 19, 2025

Entra ID Actor Token Flaw Lets Attackers Impersonate Admins

🔒 Researchers disclosed a max-severity vulnerability in Microsoft Entra ID that allowed attackers to request and reuse internal Actor tokens to impersonate any user, including Global Administrators, across tenants. The issue stemmed from a legacy Azure AD Graph API that failed to validate the originating tenant, enabling cross-tenant impersonation without triggering MFA, Conditional Access, or audit logs. Microsoft patched the flaw, tracked as CVE-2025-55241, and rolled out a global fix, but experts warn that lack of historical visibility leaves uncertainty about past exploitation.


Thu, September 18, 2025

Forrester: Microsoft Defender Delivers 242% ROI Over 3 Years

🔒 Microsoft’s latest Forrester TEI study found a 242% return on investment over three years for organizations using Microsoft Defender. The analysis attributes $17.8 million in total benefits and reports an average payback period of less than six months for a composite organization. Integrated with Microsoft Sentinel, Defender streamlines SecOps by consolidating tooling, lowering false positives, and accelerating response through automation and KQL-enabled detections. Customers cite improved visibility across hybrid and multicloud environments and reduced operational overhead.


Thu, September 18, 2025

Inside Fairwater: Microsoft's New Frontier AI Datacenter

🚀 Microsoft unveiled Fairwater, a purpose-built AI datacenter in Wisconsin and sister sites in Norway and the UK, designed to operate as a single, global-scale supercomputer. The facility deploys interconnected racks of NVIDIA GB200 servers (72 GPUs per rack) and claims 10× the performance of the world’s fastest supercomputer. It combines closed-loop liquid cooling, exabyte-scale storage and an AI WAN to enable distributed training and large-scale inference across Azure.


Thu, September 18, 2025

Microsoft Named Leader in 2025 Gartner IIoT Report

🔷 Microsoft was named a Leader in the 2025 Gartner Magic Quadrant for Global Industrial IIoT Platforms, highlighting its industrial cloud portfolio. Azure’s adaptive cloud—anchored by Azure IoT, Azure Arc, Azure Digital Twins, and Microsoft Fabric—is positioned to unify cloud-to-edge data, enable real‑time intelligence, and scale AI-driven operations. The platform emphasizes security with Microsoft Defender for IoT, Microsoft Sentinel, and Microsoft Entra, while enabling brownfield integration and partner-led solutions to accelerate industrial modernization.


Thu, September 18, 2025

Microsoft 365: Why Its Dominance Creates Major Risk

🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.


Thu, September 18, 2025

Notepad Adds Free AI Writing Tools on Copilot+ Windows 11

📝 Microsoft is adding free AI-powered text features to Notepad on Copilot+ PCs running Windows 11, rolling out now to Windows Insiders in the Canary and Dev channels on Notepad version 11.2508.28.0. The new Summarize, Write, and Rewrite tools were previously part of Microsoft 365 subscriptions but are available without an extra subscription on Copilot+ devices. Features support English only; subscribers can switch between local and cloud models while unsigned users use the local model. Users may disable the AI options in settings or uninstall the updated Notepad to use classic notepad.exe. Paint and Snipping Tool also received recent updates.
