< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 16 of 42

CTI-REALM: Benchmark for End-to-End Detection Rules

🔍 Microsoft introduces CTI-REALM, an open-source benchmark that evaluates AI agents on end-to-end detection engineering by turning real-world cyber threat intelligence into validated detections. The benchmark places agents in realistic, tool-rich environments where they must read CTI reports, explore telemetry, iterate on KQL queries, and produce Sigma rules and KQL-based logic scored against ground truth across Linux, AKS, and Azure. CTI-REALM's checkpoint-based scoring surfaces whether failures arise from CTI comprehension, technique mapping, data-source selection, or query construction, helping teams decide where human oversight and guardrails are required.
read more →

Securing Agentic AI: End-to-End Enterprise Protections

🔒 Microsoft presents an end-to-end strategy to secure agentic AI with the new Agent 365 control plane and updates across Microsoft Defender, Entra, Purview, and Sentinel. Announced for RSAC 2026, these measures focus on visibility, continuous identity protection, data loss prevention for Copilot prompts, and prompt-injection defenses to help organizations observe, govern, and defend agent ecosystems at scale.
read more →

KB5079473: March Windows 11 Update Breaks Sign-Ins

🛠️ Microsoft says the March Windows 11 cumulative update KB5079473 causes Microsoft account sign-in failures across multiple apps, including Teams, OneDrive, Edge, Excel, Word and Microsoft 365 Copilot. Affected apps display an erroneous message indicating the device is offline even when connected. Microsoft recommends restarting affected devices while they remain online as a temporary workaround while it works on a fix. Business sign-ins using Entra ID are not impacted.
read more →

CISA Warns to Harden Endpoint Management After Intune Attack

🔒 CISA is urging IT and security leaders to harden endpoint management configurations after pro‑Iranian group Handala reportedly abused Microsoft Intune in a March 11 attack on Stryker that disrupted operations and enabled remote wipes. The guidance emphasizes least‑privilege administrative roles, phishing‑resistant MFA, privileged access hygiene, and multi‑admin approval for destructive actions. Although focused on Intune, CISA says these defensive principles apply to any UEM. Organizations should audit admin access, require multi‑party approvals, and continuously monitor privileged activity.
read more →

Microsoft Announces Zero Trust for AI: New Tools and Guidance

🔒 Microsoft announced Zero Trust for AI, extending proven Zero Trust principles across the AI lifecycle and shipping new tools and guidance to help security teams deploy AI with confidence. The update adds an AI pillar to the Zero Trust Workshop, expands the Zero Trust Assessment to include Data and Networking, and introduces a Zero Trust for AI reference architecture. Microsoft also published practical patterns for threat modeling and AI observability to help teams verify agents, apply least privilege, and assume breach.
read more →

Critical Microsoft SharePoint Flaw Now Exploited in Attacks

🔴 The Cybersecurity and Infrastructure Security Agency (CISA) warned that a critical deserialization vulnerability in Microsoft SharePoint, tracked as CVE-2026-20963, is being exploited in the wild. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition and can allow unauthenticated remote code execution on unpatched servers. Microsoft patched the issue during January Patch Tuesday but has not labeled it as exploited; CISA added the vulnerability to its actively exploited catalog and ordered federal agencies to remediate by March 21.
read more →

CISA Alerts: Zimbra, SharePoint Flaws Actively Exploited

⚠ CISA has urged federal agencies to apply patches for two actively exploited vulnerabilities affecting Synacor Zimbra Collaboration Suite and Microsoft Office SharePoint. Zimbra's Classic UI suffered a stored XSS (CVE-2025-66376) patched in versions 10.0.18 and 10.1.13 in November 2025, while SharePoint had a deserialization RCE (CVE-2026-20963) fixed in January 2026. CISA set FCEB patching deadlines and reported no public attribution or scale; separately, Amazon detailed exploitation of a Cisco firewall-management zero-day (CVE-2026-20131) by the Interlock ransomware group.
read more →

Advancing Agentic AI Across a Unified Microsoft Data Estate

🚀 At SQLCon 2026 in Atlanta, Microsoft detailed enhancements that position its database portfolio as a foundation for agentic AI and unified analytics across edge, PaaS, and SaaS. Key announcements include Azure SQL innovations such as GitHub Copilot in SSMS, a one‑year Savings Plan for databases, and Hyperscale advances (vector index performance, SQL MCP Server, and larger vCore options). The new Database Hub in Microsoft Fabric (early access) and enterprise security features for SQL in Fabric aim to simplify migration, governance, and AI‑driven app development.
read more →

FabCon & SQLCon 2026: Unifying Databases and Fabric

🧩 Microsoft outlined a strategy at FabCon and SQLCon 2026 to converge its database portfolio and Microsoft Fabric into a single, unified data platform. Key highlights include the new Database Hub (early access) for unified estate management across Azure SQL, Cosmos DB, PostgreSQL, MySQL, SQL Server via Arc, and Fabric Databases. The company also showcased enhancements to OneLake, Runtime 2.0, Fabric IQ, agent experiences, migration assistants, and a database savings plan that can reduce costs up to 35% for eligible scenarios.
read more →

CISA Adds CVE-2026-20963 to Known Exploited Vulnerabilities

⚠️ CISA has added CVE-2026-20963 — a Microsoft SharePoint deserialization of untrusted data vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. This class of flaw is a frequent attack vector that can allow malicious actors to execute code or manipulate data when untrusted input is deserialized. CISA reminds Federal Civilian Executive Branch agencies that BOD 22-01 requires remediation by the assigned due dates and strongly urges all organizations to prioritize timely fixes.
read more →

CISA Urges Hardening of Endpoint Management Systems

🔒 CISA warns of malicious activity targeting endpoint management systems following the March 11, 2026 attack against Stryker Corporation that affected its Microsoft environment. The agency urges organizations to harden endpoint management configurations and adopt Microsoft’s newly released best practices for securing Microsoft Intune, while applying those principles to other endpoint management tools. Key recommended controls include RBAC-based least-privilege administrative roles, phishing-resistant MFA and privileged access hygiene using Microsoft Entra ID, and configuring Multi Admin Approval policies for high-impact actions such as device wipes, application and script changes, and RBAC modifications.
read more →

Microsoft halts automatic install of 365 Copilot app

🔔 Microsoft has halted the planned automatic installation of the Microsoft 365 Copilot app on Windows devices outside the EEA. The rollout, announced earlier and scheduled for December, is temporarily disabled; existing installs are unchanged and administrators can still deploy the app manually. Microsoft offered no reason in its Microsoft 365 message center update and asked admins to await further information. EEA customers remain excluded from the change.
read more →

Windows 11 hotpatch fixes Bluetooth device visibility issue

🔧 Microsoft released an out-of-band hotpatch (KB5084897) to address a Bluetooth device visibility problem impacting hotpatch-enabled Windows 11 Enterprise systems. Connected Bluetooth peripherals may not appear in Settings or Quick Settings, and users might be unable to add new devices because available devices are not listed. The update targets Windows 11 25H2 and 24H2, installs automatically on eligible Enterprise clients, and requires no restart.
read more →

Microsoft: Teams Meeting Add-in Breaks Outlook Classic

⚠️ Microsoft warns that enabling the Microsoft Teams Meeting Add-in can render the classic Outlook desktop client unusable for affected users, according to an admin center notice (EX1254044). The company says the problem is tied to a previous Outlook build and is working with customers to ensure the latest version is deployed. As a temporary fix, impacted users should update Outlook or run an Online Repair for click-to-run installs, which reinstalls Office apps.
read more →

Microsoft, NVIDIA Expand Azure AI Infrastructure and Foundry

🚀 Microsoft and NVIDIA announced deeper integration at NVIDIA GTC, extending Microsoft Foundry to support NVIDIA Nemotron models and to simplify building production agents. New Azure AI infrastructure optimized for inference and reasoning will bring Vera Rubin NVL72 into liquid‑cooled datacenters and add initial support on Azure Local. Foundry Agent Service, Control Plane observability and a Voice Live API preview aim to accelerate prototype‑to‑production paths, while Fabric–Omniverse links and a public Physical AI Toolchain support simulation‑to‑operations workflows.
read more →

Stryker Attack Wipes Tens of Thousands of Devices Globally

🔒 Stryker reported a targeted attack that remotely wiped nearly 80,000 corporate devices by abusing Microsoft admin privileges and issuing remote wipe commands through Intune. The company says the incident was confined to its internal Microsoft environment, did not involve deployed malware, and investigators found no evidence of data exfiltration. Operational impacts include offline electronic ordering systems and manual order processing while recovery continues.
read more →

Microsoft Purview innovations for Fabric governance

🔒 Microsoft announced new Purview innovations for Fabric to help organizations discover sensitive data risks, prevent oversharing, and improve governance and data quality across their data estate. Updates include general availability of DLP policies for Fabric Warehouses and KQL/SQL DBs, Insider Risk Management for lakehouses, and preview capabilities for Copilots and Agents. The Unified Catalog also gains publication workflows and data quality checks for ungoverned assets to better prepare trusted data for AI.
read more →

From Legacy to Leadership: PostgreSQL on Azure for Agility

🚀 Microsoft outlines how moving from legacy on-prem Oracle to Azure Database for PostgreSQL and the new Azure HorizonDB can reduce costs, boost performance, and improve agility. The post highlights an Apollo Hospitals migration that cut operational costs by 60%, improved uptime to 99.95%, and delivered a 3x performance gain. It also describes an AI-assisted Oracle-to-PostgreSQL migration tool integrated into VS Code that automates schema and application conversion, testing, and validation to reduce risk and accelerate adoption.
read more →

Microsoft Exchange Online outage blocks mailbox access

📧Microsoft is investigating an ongoing Exchange Online outage that is preventing customers from accessing mailboxes and calendars. The company acknowledged the incident at 06:42 AM UTC and reported problems across Outlook on the web, Outlook desktop, Exchange ActiveSync, and other Exchange Online connection protocols. Microsoft said telemetry shows recovery for some users while engineers apply configuration changes and continue to monitor service health.
read more →

Vishing Leads to Compromise via Microsoft Teams Support

🔒 In this Cyberattack Series report, Microsoft Incident Response (DART) details an identity-first, human-operated intrusion that began with persistent Microsoft Teams voice phishing (vishing). After two failed attempts, the attacker persuaded a third employee to grant remote access via Quick Assist, then directed the user to a spoofed web form to capture corporate credentials and download multiple payloads. An early, disguised MSI sideloaded a malicious DLL to establish outbound command-and-control. DART contained the activity, removed artifacts, and recommends tightening external collaboration and disabling unnecessary remote-access utilities.
read more →