All news with #microsoft tag

HybridPetya Bootkit Bypasses Secure Boot on UEFI Systems

🔒 ESET researchers identified HybridPetya, a new ransomware strain that blends Petya-style MFT encryption with a UEFI bootkit that can bypass Secure Boot by abusing a patched flaw (CVE-2024-7344) in the Howyar Reloader EFI component. The malware installs a malicious EFI application, uses a three-state flag to track encryption and ransom status, displays a fake CHKDSK screen, and demands $1,000 in Bitcoin. Select variants load a cloak.dat payload into reloader.efi to evade integrity checks; Microsoft revoked the vulnerable binary via dbx updates. ESET found no evidence of widespread active abuse but warned Secure Boot bypasses are increasingly common and urged prompt patching and boot integrity monitoring.

Five AI Use Cases CISOs Should Prioritize in 2025 and Beyond

🔒 Security leaders are balancing safe AI adoption with operational gains and focusing on five practical use cases where AI can improve security outcomes. Organizations are connecting LLMs to internal telemetry via standards like MCP, using agents and models such as Claude, Gemini and GPT-4o to automate threat hunting, translate technical metrics for executives, assess vendor and internal risk, and streamline Tier‑1 SOC work. Early deployments report time savings, clearer executive reporting and reduced analyst fatigue, but require robust guardrails, validation and feedback loops to ensure accuracy and trust.

Microsoft Probes Exchange Online Outage in North America

⚠️ Microsoft is investigating an ongoing Exchange Online outage across North America that is preventing users from accessing mailboxes via any Exchange Online connection method. Customers have reported issues for more than six hours on DownDetector, with sign-in and server connection failures affecting Teams, Outlook, and Hotmail. Microsoft says it is reviewing telemetry and applying changes to optimize affected mailbox infrastructure while the root cause is still under investigation.

Senator Wyden Urges FTC Probe of Microsoft's Security

🚨 U.S. Senator Ron Wyden requested that the FTC investigate Microsoft for what he describes as “gross cybersecurity negligence” after product weaknesses tied to Kerberos and legacy RC4 usage contributed to ransomware incidents, including the May 2024 Ascension Health breach that exposed data for 5.6 million patients. Wyden says his office alerted Microsoft in July 2024 and urged setting stronger ciphers like AES as defaults; he criticized an October Microsoft blog as too technical to warn corporate decision-makers. Microsoft replied that RC4 accounts for under 0.1% of traffic, that full removal risks breaking legacy systems, and that deprecation is on its roadmap.

Microsoft adds malicious link warnings to Teams chats

🔔 Microsoft Teams will display warnings on private messages that contain URLs flagged as spam, phishing, or malware for customers using Microsoft Defender for Office 365 and enterprise Teams. The feature enters public preview for desktop, Android, web, and iOS in September 2025 and is slated for general availability in November 2025. Admins can enable the preview via the Teams Admin Center messaging settings; warnings will be enabled by default at GA and can be managed through the Teams Admin Center or PowerShell.

Wyden Urges FTC Probe of Microsoft After Ascension Hack

🛡️ US Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft following the 2024 ransomware attack on healthcare operator Ascension, which exposed data for 5.6 million patients after a contractor clicked a malicious Bing search result. Wyden says default Microsoft settings and support for the outdated RC4 standard enabled a Kerberoasting technique that granted administrative access. He notes Microsoft was warned in July 2024 and posted a blog in October announcing a planned update, but nearly a year later no update has been issued nor direct customer outreach made. The letter frames Microsoft’s control over default configurations as a systemic national security risk.

Senator Wyden Urges FTC Probe of Microsoft Ransomware Lapses

🔍 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for what he describes as "gross cybersecurity negligence" that he says facilitated ransomware attacks on U.S. critical infrastructure, including healthcare. Wyden's four-page letter to FTC Chair Andrew Ferguson cites the 2024 Ascension breach attributed to Black Basta and details an attack chain that began when a contractor clicked a malicious link after using Microsoft's Bing search. The senator highlights exploitation of insecure default Kerberos settings and legacy RC4 support enabling Kerberoasting, and criticizes Microsoft for not enforcing stronger defaults and minimum password requirements while noting the company's published mitigations and planned deprecations.

Senator Wyden Urges FTC Probe into Microsoft's Security

🚨 Senator Ron Wyden has asked the FTC to investigate Microsoft for what he calls "gross cybersecurity negligence," arguing insecure defaults enabled widespread ransomware attacks. He cites the February 2024 Ascension Health breach that exposed 5.6 million patient records and describes how a single click enabled lateral movement via Kerberoasting and lingering RC4 support. Wyden criticizes Microsoft for building a >$20 billion security business of add-on protections while leaving core products vulnerable and says promised fixes and plain-language guidance were inadequate. The letter warns this pattern poses national-security and industry-wide risks.

Microsoft Waives Publishing Fees for Windows Store

🎉 Microsoft announced that, starting today, individual Windows developers can publish applications to the Microsoft Store without paying registration fees. The policy covers Win32 (including .NET WPF and WinForms), UWP, PWA, .NET MAUI, and Electron apps; Microsoft will host MSIX-packaged binaries, sign apps for free, and pay for distribution so developers don't need their own CDN. Developers of non-gaming apps may also implement their own in-app payment systems and retain all revenue. To publish, creators sign in with a personal Microsoft account and must verify identity with a government ID and a selfie; no credit card is required.

Salty2FA Phishing Framework Evades MFA Using Turnstile

🔒 A newly identified phishing-as-a-service called Salty2FA is being used in campaigns that bypass multi-factor authentication by intercepting verification flows and abusing trusted services like Cloudflare Turnstile. Ontinue researchers report the kit uses subdomain rotation, domain-pairing, geo-blocking and dynamic corporate branding to make credential pages appear legitimate. The framework simulates SMS, authenticator apps, push approvals and even hardware-token prompts, routing victims through Turnstile gates to filter automated analysis before harvesting credentials.

Agent Integration with Open Standards: MCP and A2A

🔗 Azure's Agent Factory blog emphasizes that interoperability is the key to moving agentic AI from isolated prototypes to enterprise-scale solutions. The post promotes open standards like Model Context Protocol (MCP) and Agent2Agent (A2A) to enable shared context, reusable tools, and cross-framework collaboration across runtimes such as Semantic Kernel. It explains how Azure AI Foundry combines these protocols with thousands of connectors, unified observability, and governance so agents can act across SaaS, legacy systems, and custom APIs without costly rewrites.

Microsoft fixes NDI streaming issues from August updates

🔧 Microsoft has resolved severe lag and stuttering issues affecting NDI streaming on Windows 10 and Windows 11 that appeared after the August 2025 cumulative security updates. The root cause was tied to KB5063878 and KB5063709 and manifested as dropped NDI traffic and degraded performance specifically over RUDP connections, while UDP and Single-TCP streams were unaffected. On September 9, 2025, Microsoft released fixes (KB5065426 and KB5065429) and recommends applying those updates; NDI also published a temporary workaround to switch Receive Mode to Single TCP or UDP in the NDI Tools Access Manager for systems that cannot immediately update.

Cursor autorun flaw lets repos auto-execute code silently

⚠ Cursor's autorun feature can allow repositories to execute code automatically when a folder is opened in Visual Studio Code with Cursor installed. Oasis Security researchers demonstrated that attackers can embed hidden instructions that trigger commands tied to workspace events without a developer's consent. With Workspace Trust disabled by default in Cursor, opening a project can enable token theft, file tampering or persistent malware. Developers should treat unknown repositories cautiously and enable available trust controls.

Microsoft Fixes UAC Prompts and App Install Issues

🔧 Microsoft has issued a fix for an August 2025 update that caused unexpected User Account Control (UAC) prompts and blocked MSI app installations for non-administrative users across multiple Windows client and server releases. The behavior resulted from a security patch addressing CVE-2025-50173, which introduced broader elevation checks to mitigate privilege escalation. Microsoft’s September 2025 update narrows when UAC is required for MSI repairs and lets IT administrators add specific MSI packages to an allowlist via new SecureRepairPolicy and SecureRepairWhitelist registry keys. The company also resolved a separate bug that caused severe lag and stuttering in NDI streaming software on Windows 10 and Windows 11.

Microsoft Patches 80 Flaws, Including SMB Elevation

🔒 Microsoft released fixes for 80 security flaws across its products, including one publicly disclosed SMB privilege-escalation issue (CVE-2025-55234). Eight flaws are rated Critical and 72 Important, with a high proportion of elevation-of-privilege bugs. The update also includes a CVSS 10.0 Azure Networking fix and new auditing options to help administrators assess Windows SMB signing and Extended Protection compatibility before hardening.

Two Zero-Days Among Microsoft Patch Tuesday Fixes This Month

⚠️ Microsoft released its monthly Patch Tuesday addressing 81 vulnerabilities, including two disclosed zero-days affecting SQL Server and SMB. The first, CVE-2024-21907, involves improper handling in Newtonsoft.Json used by SQL Server and can cause denial of service via deeply nested JSON. The second, CVE-2025-55234, is a remotely exploitable SMB elevation-of-privilege that can be mitigated by hardening features like SMB Server Signing and Extended Protection for Authentication; Microsoft also offers audit tools to check compatibility before enabling them.

Patch Tuesday: Critical SAP NetWeaver and Microsoft Fixes

🔔 CISOs with SAP NetWeaver AS Java deployments should urgently patch two critical flaws: CVE-2025-42944, a CVSS 10.0 insecure deserialization in the RMI-P4 module, and a CVSS 9.9 insecure file-upload vulnerability that can lead to full system compromise. As an immediate mitigation, admins can apply P4 port filtering at the ICM level until patches are installed. Microsoft released fixes for 13 critical bugs this month, including Hyper‑V guest-to-host escalation issues and an NTLM elevation flaw (CVE-2025-54918) marked Exploitation More Likely; teams should prioritize domain controllers and virtualization hosts.

Microsoft Patch Tuesday: September 2025 Security Fixes

🔒 Microsoft today released Patch Tuesday updates addressing more than 80 vulnerabilities across Windows and related products, including 13 rated critical. There are no known zero‑day or actively exploited flaws in this bundle, but Microsoft patched several high‑risk issues such as CVE-2025-54918 (Windows NTLM), CVE-2025-55234 (SMB client), and CVE-2025-54916 (NTFS). Researchers warn many fixes are for privilege‑escalation bugs — some remotely exploitable — and note that Apple and Google recently patched zero‑days in their platforms as well.

Microsoft September 2025 Patch Tuesday: 86 Fixes Guidance

🔒Microsoft released its September 2025 security update addressing 86 vulnerabilities across Windows, Office, DirectX, Hyper-V and related components. Microsoft reported no active in-the-wild exploitation but identified eight flaws where exploitation is more likely, including a network RCE in NTFS (CVE-2025-54916). Talos published Snort rules to detect attempts and recommends administrators prioritize patches and update IDS/IPS signatures promptly.

Windows 10 KB5065429 — 14 Fixes for UAC and NDI Issues

🔧Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and 21H2, delivering fourteen fixes and improvements, including remedies for unexpected UAC prompts and severe lag with NDI streaming software. This update is mandatory as it bundles the September 2025 Patch Tuesday security fixes, addressing two publicly disclosed zero-days and 81 additional vulnerabilities. Systems will update to build 19045.6332 (22H2) or 19044.6332 (21H2) and can be installed via Windows Update or the Microsoft Update Catalog. Microsoft reports no known issues with this release.