All news with #microsoft tag

Microsoft Takedown Disrupts RaccoonO365 Phishing Service

🛡️ Microsoft's Digital Crimes Unit has seized 338 domains to dismantle the Phishing‑as‑a‑Service platform RaccoonO365, which enabled low‑skilled actors to deploy convincing Microsoft login pages. The DCU reports the service compromised more than 5,000 accounts across 94 countries since July 2024 and could bypass MFA to maintain persistent access. Operators marketed AI enhancements to scale attacks and collected at least $100,000 in cryptocurrency, prompting legal action to disrupt the infrastructure and seize control of the platform.

Blueprint for Building Safe and Secure AI Agents at Scale

🔒 Azure outlines a layered blueprint for building trustworthy, enterprise-grade AI agents. The post emphasizes identity, data protection, built-in controls, continuous evaluation, and monitoring to address risks like data leakage, prompt injection, and agent sprawl. Azure AI Foundry introduces Entra Agent ID, cross-prompt injection classifiers, risk and safety evaluations, and integrations with Microsoft Purview and Defender. Join Microsoft Secure on September 30 to learn about Foundry's newest capabilities.

Microsoft: Office 2016 and 2019 End Extended Support

🔔Microsoft reminded customers that Office 2016 and Office 2019 will reach the end of extended support on 14 October 2025. Organizations using Visio 2016/2019, Project 2016/2019, and related apps are urged to upgrade to avoid security, compliance, and performance issues because no further updates or fixes will be provided. Microsoft recommends migrating to Microsoft 365 Apps or selecting a perpetual release such as Office 2024 or Office LTSC 2024 depending on licensing and connectivity needs.

Microsoft and Cloudflare Disrupt RaccoonO365 Phishing

🔒 Microsoft and Cloudflare coordinated a disruption of the RaccoonO365 Phishing-as-a-Service operation in early September 2025, seizing 338 malicious websites and Cloudflare Worker accounts. The service is linked to at least 5,000 stolen Microsoft 365 credentials from 94 countries since July 2024 and was used in large campaigns, including a tax-themed sweep that targeted over 2,300 U.S. organizations. Kits bundled CAPTCHA and anti-bot evasion, were sold via a private Telegram channel, and investigators identified a suspected leader, prompting a criminal referral.

Microsoft and Cloudflare Disrupt RaccoonO365 Phishing

🔒 Microsoft and Cloudflare executed a coordinated takedown of RaccoonO365, a Nigerian-run phishing-as-a-service platform tracked by Microsoft as Storm-2246. The joint effort seized 338 domains and dismantled infrastructure that reportedly generated hundreds of millions of malicious messages and could bypass some MFA protections. Cloudflare removed intermediary Cloudflare Workers shields and deployed phish warning pages, while Microsoft pursued legal action and criminal referrals. The disruption exposed risks to healthcare providers and highlighted cross-border enforcement limits.

Microsoft Disrupts RaccoonO365 Phishing Kit Network

🛡️ Microsoft’s Digital Crimes Unit says it has dismantled the infrastructure behind RaccoonO365, seizing 338 malicious websites tied to the Storm-2246 phishing kit. The DCU, acting under a court order from the Southern District of New York, identified Nigeria-based operator Joshua Ogundipe and disrupted a Telegram-based subscription service with roughly 850 members. Microsoft says the service, launched July 2024, enabled the theft of thousands of Microsoft365 credentials, included tools to bypass MFA, and recently promoted an AI-powered feature to scale attacks.

RaccoonO365 Phishing Network Disrupted; 338 Domains Seized

🔒 Microsoft and Cloudflare coordinated a court-ordered disruption that seized 338 domains used by RaccoonO365, a phishing-as-a-service accused of harvesting over 5,000 Microsoft 365 credentials across 94 countries since July 2024. The takedown, executed between September 2–8, 2025, removed malicious Workers scripts, placed interstitial phish warnings, and suspended accounts to cut criminal access. RaccoonO365 was marketed by subscription and used legitimate services like Cloudflare Turnstile and Workers to harden phishing pages and evade detection.

Microsoft Adds Copilot Chat to Microsoft 365 Office Apps

💬 Microsoft is rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for eligible Microsoft 365 business customers. Unlike Microsoft 365 Copilot, Copilot Chat is web-grounded and uses only web data by default, though it is content-aware and tailors responses to the file you have open. Microsoft says the feature is included at no additional cost for qualifying licenses, and admins can opt out of automatic installs; organizations can purchase a Microsoft 365 Copilot license to unlock full access to organizational data.

Azure Kubernetes Service Automatic: Simplified AKS for All

🚀 AKS Automatic is now generally available, delivering a fully managed, opinionated Kubernetes experience with production-ready defaults and automated day-two operations. It removes infrastructure toil—automatic node provisioning, scaling, patching, and repairs—while enabling intelligent autoscaling with HPA, VPA, KEDA and Karpenter. Developers retain the full Kubernetes API and toolchain and gain GPU and AI workload optimizations.

Microsoft Purview Updates for Fabric: Securing Data for AI

🔒 Microsoft announced Purview innovations for Fabric at FabCon to unify discovery, protection, and governance across Azure, Microsoft 365, and Microsoft Fabric. New generally available controls include Information Protection policies for Fabric items, DLP for structured data in OneLake, and Insider Risk Management for Fabric. Preview features add DSPM data risk assessments and enhanced Copilot controls, while the Unified Catalog gains finer metadata, tagging, and data‑quality workflows to improve discoverability and trust.

Microsoft to Remove WMIC After Windows 11 25H2 Upgrade

🔧 Microsoft has announced that the legacy WMIC command-line tool will be removed after systems are upgraded to Windows 11 25H2 and later. Administrators are advised to migrate scripts and automation to PowerShell or programmatic alternatives such as WMI's COM API or .NET libraries. The change affects only the WMIC client; the underlying WMI infrastructure remains supported. Microsoft says the removal reduces complexity and limits abuse of WMIC by threat actors.

FabCon Vienna: Enterprise-ready Microsoft Fabric updates

📢 At FabCon Vienna, Microsoft unveiled a broad set of Microsoft Fabric enhancements to accelerate data-rich agents and enterprise adoption. Key updates include expanded OneLake shortcuts and mirroring (preview for Oracle and BigQuery), a preview Graph database and Maps for geospatial context, developer tooling (MCP, Extensibility Toolkit, CI/CD) and strengthened security controls like Azure Private Link and customer-managed keys. These features focus on zero-copy data access, governance, and operational scalability for mission-critical workloads.

Senator Probes Microsoft over Continued RC4 Use in Kerberos

🔒 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for its continued use of the RC4 encryption algorithm. The letter highlights a technique called Kerberoasting, which exploits Kerberos ticket encryption to extract service account credentials. The complaint raises concerns about lingering support for weak ciphers in enterprise authentication.

Microsoft: Exchange Server 2016/2019 End Support Soon

⚠️ Microsoft has warned that Exchange Server 2016 and Exchange Server 2019 will reach end of extended support on October 14, 2025. After that date Microsoft will stop providing technical support, including bug fixes, time zone updates, and security patches, which could increase exposure to vulnerabilities. Administrators are advised to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition, with documented migration and upgrade paths available.

Microsoft to Auto-Install 365 Copilot on Windows in Oct

📥 Microsoft will automatically install the Microsoft 365 Copilot app on Windows devices that already have Microsoft 365 desktop apps beginning in early October, with rollout completing by mid-November 2025. The app will be placed in the Start menu and enabled by default, but administrators can opt out via the Apps Admin Center. Systems in the EEA are excluded, and Microsoft advises IT to notify helpdesk teams and users beforehand to reduce confusion and support requests.

Microsoft removes upgrade block for Windows 11 audio

🔧 Microsoft has removed a safeguard hold that blocked upgrades to Windows 11 24H2 on devices running Dirac audio enhancement software after reports that the component cridspapo.dll caused integrated speakers and Bluetooth audio devices to stop working. A new driver is available via Windows Update and Microsoft recommends installing the latest security update; restarting the device may speed the offering. The safeguard hold was lifted on September 11, 2025, but other upgrade blocks remain for unrelated driver and software incompatibilities.

Microsoft: September Windows Updates Break SMBv1 Shares

⚠️Microsoft confirmed that the September 2025 Windows security updates can break connections to SMBv1 shares when NetBIOS over TCP/IP (NetBT) is used. The issue affects client releases (Windows 11 24H2/23H2/22H2, Windows 10 22H2/21H2) and server releases (Windows Server 2025, 2022) and may occur if either the SMB client or server has the update. As a temporary workaround, administrators are advised to allow SMB traffic on TCP port 445 so Windows can switch from NetBT to TCP. Microsoft is investigating and developing a fix.

Microsoft warns Windows 10 support ends in 30 days

⚠️ Microsoft reminded customers that Windows 10 will reach end of servicing on October 14, 2025, with the October monthly update being the last security release for affected versions. After that date, Microsoft will no longer provide bug fixes or technical assistance for security, stability, or usability issues. Customers are advised to upgrade eligible devices to Windows 11, migrate to Windows 365 in the cloud, enroll in Extended Security Updates (ESU), or consider LTSC/LTSC alternatives for specialized devices.

Wesco Reimagines Risk Management with Data Consolidation

🔍 Wesco consolidated thousands of security alerts into a unified risk framework to separate urgent threats from noise. By integrating more than a dozen platforms — including GitHub, Azure DevOps, Veracode, JFrog, Kubernetes, Microsoft Defender, and CrowdStrike — the company applied ASPM, threat modeling, a security champions program, and AI-driven automation to prioritize remediation. The initiative reduced duplication, saved developer time, and improved risk visibility across the organization.

Windows 11 23H2 Home and Pro end support Nov 11, 2025

⚠️ Microsoft warned that devices running Windows 11 23H2 Home and Pro editions will reach end of servicing on November 11, 2025, with the November 2025 monthly security update as the last release for those editions. Enterprise and Education SKUs will continue to receive mainstream support until November 10, 2026. Users are advised to upgrade to Windows 11 24H2, but Microsoft has applied safeguard holds for systems with incompatible Intel Smart Sound Technology audio drivers, SenseShield code‑obfuscation drivers, wallpaper customization tools, certain integrated cameras, and Dirac audio software.