< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 17 of 42

Microsoft Removes Samsung App After C: Drive Access Issues

⚠️ Microsoft removed the Samsung Galaxy Connect app from the Microsoft Store after a joint investigation concluded the app (used for screen mirroring, file sharing and data transfer) was triggering "C:\ is not accessible – Access denied" errors on certain Windows 11 Samsung Galaxy Book 4 and desktop models. Affected users reported blocked applications, failure to access files, and privilege elevation problems that impeded diagnostics. Samsung republished a stable previous version to stop further occurrences, but recovery options for impacted devices remain limited. Microsoft and Samsung have not published a workaround yet; users should contact Samsung for device-specific support.
read more →

Google and Partners Sign Global Accord to Combat Scams

🤝 Google announced it has signed the Industry Accord Against Online Scams & Fraud with major industry partners including Adobe, Amazon, LinkedIn, Meta, Microsoft and OpenAI. The agreement commits participants to unify capabilities, share threat intelligence and coordinate defenses against sophisticated, cross-border scam networks. Google said it will expand technical support and deploy AI-driven detection tools, building on $15 million in Google.org funding. In 2026 the company will share more through the Global Signal Exchange and publish guides on data sharing, private sector referrals to law enforcement, and public policy frameworks.
read more →

Microsoft issues Windows 11 hotpatch for RRAS RCE update

🔧 Microsoft released an out-of-band hotpatch (KB5084597) for Windows 11 to address remote code execution flaws in the Routing and Remote Access Service (RRAS) management tool. The update patches CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111 and aligns with fixes shipped in the March 2026 Patch Tuesday release. The hotpatch performs in-memory patching so eligible Enterprise devices enrolled in the hotpatch program via Windows Autopatch receive cumulative fixes without a restart. It applies to Windows 11 25H2, 24H2, and Enterprise LTSC 2024 systems used for remote server management.
read more →

Windows 11: Some Samsung PCs Lose Access to C Drive

⚠️Microsoft is investigating reports that some Samsung laptops running Windows 11 lose access to the C:\ drive after installing the February 2026 security updates. Affected users encounter the error 'C:\ is not accessible - Access denied' and cannot launch applications such as Outlook, Office apps, web browsers, and system utilities. Microsoft says it is working with Samsung and that the problem may be related to the Samsung Share application, but no official workaround has been provided.
read more →

Microsoft Probes Classic Outlook Sync and Connection Issues

📧 Microsoft is investigating several issues that are disrupting email synchronization and server connections in the classic Outlook desktop client. One bug causes 'Can't connect to the server' errors when creating groups if Exchange Web Services (EWS) is enabled because an AD Graph validation call fails; Microsoft plans updated group functionality using REST APIs and recommends using the new Outlook or OWA until a fix is released. Separate reports describe 0x800CCC0F and 0x80070057 errors for Gmail and Yahoo accounts after password changes — a temporary workaround is to delete the affected identity registry entries — and a cursor disappearance bug affecting Outlook and some Microsoft 365 apps is also under investigation.
read more →

Handala Hack Wiper Attacks Targeting Intune Admins

🔒 Unit 42 warns of elevated risk from destructive wiper operations attributed to the Iranian-linked Handala Hack actor, which has used phishing and compromised Microsoft Intune administrative access to delete servers and devices and disrupt operations. The actor, first seen in late 2023 and also tracked as Void Manticore, COBALT MYSTIQUE and Storm‑1084/0842, is assessed as a state-directed front for Iran’s MOIS. Mitigations focus on eliminating standing privileges (JIT, PIM), hardening Entra ID and Intune admin roles, enforcing conditional access and hardware MFA, reducing session lifetimes and ensuring immutable offline backups.
read more →

Stryker hit by widespread device wipes linked to Iran

🛡️ Stryker reported a large-scale disruption after thousands of employee devices were remotely wiped and many users were unable to log in, saying the issue appears contained to its internal Microsoft environment and that there is no indication of malware at this time. The pro-Iranian group Handala claimed responsibility and employees reported seeing its logo on affected machines. Analysts say the pattern is consistent with a compromise of Microsoft Intune and Entra-based admin controls, which would permit remote wiping without deploying traditional malware, and recommend tightened admin verification and credential protections.
read more →

Storm-2561 SEO poisoning distributes fake VPN clients

🔒 Microsoft Threat Intelligence attributes a mid‑January 2026 credential theft campaign to the cybercriminal group Storm‑2561, which used SEO poisoning to surface malicious ZIP files masquerading as legitimate enterprise VPN installers. The ZIPs contained an MSI that side‑loaded signed trojan DLLs (dwmapi.dll and inspector.dll) which harvested VPN credentials and exfiltrated configuration data to attacker infrastructure. The binaries were signed with a certificate issued to Taiyuan Lihua Near Information Technology Co., Ltd. (now revoked), and the installers mimicked a Pulse Secure client to trick users; GitHub hosts were used but have been removed.
read more →

Latest Microsoft Email Security Benchmark Findings

🛡️ Microsoft published updated email security benchmarks comparing Defender, secure email gateways (SEGs), and integrated cloud email security (ICES) solutions. The data shows Microsoft Defender removes an average of 70.8% of malicious email post-delivery, with ICES partners contributing the remaining 29.2% of post-delivery remediation. Layering matters: integrated ICES solutions improve marketing and bulk filtering by an average of 13.7%, while incremental gains for spam and malicious filtering were modest (around 0.29% and 0.24% respectively). The report also compares misses per 1,000 users, showing Defender had fewer high-severity misses than several evaluated SEG vendors.
read more →

Detecting and Responding to Prompt Abuse in AI Tools

🔍 This post, the second in Microsoft's AI Application Security series, moves from planning to practical detection and response for prompt abuse. It describes common attack types — direct prompt override, extractive abuse targeting sensitive inputs, and indirect prompt injection via hidden instructions such as URL fragments — and why these are hard to spot without telemetry. The article provides a stepwise detection and incident response playbook and maps mitigations to Microsoft tools so teams can log interactions, sanitize inputs, and contain incidents.
read more →

Iran-linked Group Claims Massive Wiper Attack on Stryker

🚨 Pro-Iranian group Handala claimed it wiped over 200,000 devices and exfiltrated 50TB of data from medical device maker Stryker, asserting offices in 79 countries were forced to close. Stryker confirmed a cyber incident causing global disruption to its Microsoft environment but said there is no indication of ransomware and that it believes the incident is contained. Experts warned the attack appears to have leveraged enterprise management tools such as Microsoft Intune, suggesting a credential compromise and tactics consistent with Iranian state-linked activity.
read more →

Dozens of Vendors Patch Critical and High-Risk Flaws

🔒 SAP, Microsoft, Adobe and many other vendors released patches this month for multiple critical and high‑risk vulnerabilities, including remote code execution and authentication bypasses. SAP addressed two critical flaws — CVE-2019-17571 (Log4j 1.2.17, CVSS 9.8) and CVE-2026-27685 (insecure deserialization, CVSS 9.1) — while Microsoft and Adobe shipped fixes for dozens more. Hewlett Packard Enterprise patched an Aruba AOS‑CX authentication bypass (CVE-2026-23813, CVSS 9.8). Organizations should prioritize fixes for RCE, insecure deserialization, and authentication-bypass issues on Internet-facing and management interfaces.
read more →

Microsoft Patches Two Publicly Disclosed Zero-Day Flaws

🔒 Microsoft released its March Patch Tuesday updates addressing 79 vulnerabilities, including two publicly disclosed zero-day flaws. The zero-days are CVE-2026-21262, an SQL Server elevation-of-privilege issue (CVSS 8.8), and CVE-2026-26127, a .NET denial-of-service vulnerability. Security researchers warn that while only three flaws were rated critical, the bulk of fixes are elevation-of-privilege bugs in core Windows components and should be prioritised to avoid escalation chains and operational disruption.
read more →

Microsoft March Patch Tuesday: 84 Flaws, 2 Zero-Days

🔒Microsoft released its March Patch Tuesday updates addressing 84 security vulnerabilities, including two publicly disclosed zero-days. Of the fixes, eight are rated Critical and 76 Important, spanning privilege escalation, remote code execution, information disclosure and other classes. The highest-scoring issue is CVE-2026-21536 (CVSS 9.8) in the Microsoft Devices Pricing Program, which Microsoft says is fully mitigated. Administrators should review MSRC advisories and apply updates based on risk and exposure.
read more →

Microsoft Patch Tuesday — March 2026 Security Fixes

🔒 Microsoft released fixes for at least 77 vulnerabilities across Windows and related products in its March 2026 Patch Tuesday. Two issues were previously disclosed publicly, including a SQL Server privilege elevation (CVE-2026-21262) that can allow network-based escalation to sysadmin. Several critical remote code execution bugs in Microsoft Office and other components, plus a notable AI-discovered 9.8-rated RCE (CVE-2026-21536), merit prioritized attention. Administrators should review privilege escalation and RCE patches first and monitor for any post-update issues.
read more →

March Patch Tuesday: High-Severity Microsoft Office Flaws

🛡️ Microsoft’s March Patch Tuesday addresses 78 vulnerabilities, led by three high-severity flaws in Microsoft Office, including an Excel information-disclosure bug (CVE-2026-26144) and two remote-code-execution issues (CVE-2026-26113, CVE-2026-26110). While Microsoft reports no known zero-day exploitation, experts urge expedited patching, restricting outbound Office traffic, and limiting AI automation such as Copilot Agent to mitigate potential silent exfiltration and preview-pane attack vectors.
read more →

Microsoft March 2026 Patch Tuesday: 79 Vulnerabilities

🔒 Microsoft issued its March 2026 Patch Tuesday addressing 79 vulnerabilities, three of which were marked critical though assessed as less likely to be exploited. The critical issues include Office remote code execution bugs (CVE-2026-26110, CVE-2026-26113) and an Excel information-disclosure flaw (CVE-2026-26144). Important fixes affect SharePoint, SQL Server and multiple Windows components. Cisco Talos published Snort and firewall rules to detect exploitation attempts and urges customers to apply patches and rule updates promptly.
read more →

Microsoft Releases Windows 10 KB5078885 Security Update

🔒 Microsoft has released the Windows 10 KB5078885 extended security update for Enterprise LTSC and ESU devices. Install via Settings → Windows Update to move systems to build 19045.7058 (or 19044.7058 for LTSC 2021); the update consolidates March 2026 Patch Tuesday fixes that address 79 vulnerabilities, including two actively exploited zero-days. It also fixes a shutdown/hibernation bug and advances a controlled rollout of new Secure Boot certificates to maintain boot-time validation.
read more →

Microsoft March 2026 Patch Tuesday: 79 Flaws, 2 Zero-Days

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.
read more →

Windows 11 KB5079473 and KB5078883 Updates Released

🛡️ Microsoft released cumulative updates KB5079473 and KB5078883 for Windows 11 (25H2/24H2 and 23H2) delivering the March 2026 Patch Tuesday security fixes, bug repairs, and new features. These mandatory updates can be installed via Start > Settings > Windows Update or downloaded from the Microsoft Update Catalog, and will increment build numbers for each channel. Highlights include expanded Secure Boot certificate targeting, a native Sysmon option, Emoji 16.0 additions, Quick Machine Recovery, and multiple reliability and UX improvements.
read more →