
All news with #microsoft tag

721 articles · page 18 of 37

Reprompt attack: single-click data exfiltration from Copilot

🔒 Cybersecurity researchers disclosed a novel method called Reprompt that can enable single-click data exfiltration from AI chatbots, notably Microsoft Copilot, while bypassing typical enterprise controls. The technique exploits the Copilot q URL parameter to inject instructions from a link, then uses repeated requests and a remote attacker server to continue covert fetching and return of sensitive data with no further user interaction. Microsoft says it addressed the issue and that Microsoft 365 Copilot enterprise customers are not affected, but researchers warn the approach turns Copilot into an invisible exfiltration channel.

Microsoft Tops Brands Imitated in Q4 2025 Phishing

🔒 In Q4 2025, Check Point Research found Microsoft to be the most impersonated brand in phishing campaigns, responsible for 22% of branded phishing attempts. Google followed with 13%, while Amazon rose to 9%, driven by Black Friday and holiday sales, displacing Apple. After a lengthy absence, Facebook (Meta) reappeared in the top ten at fifth, underscoring renewed interest in social media account takeover. The pattern reflects a multi-quarter trend of attackers abusing trusted enterprise and consumer brands to harvest credentials and gain initial access.

International Takedown of RedVDS Cybercrime Service

🛡️ International law enforcement, together with Microsoft, dismantled the RedVDS cybercrime service after seizing servers hosted in Germany. Authorities from Germany, the United States and the United Kingdom say the platform enabled large-scale phishing and boss-scam frauds; the seizure was confirmed by the ZIT and the State Criminal Police Office of Brandenburg. Microsoft reports $40 million in US losses over seven months and highlights prolific phishing volumes from rented virtual machines. No arrests have been reported; suspects are believed to be located in an unspecified Middle Eastern country.

Microsoft Seizes Servers, Disrupts RedVDS Cyberplatform

🔒 Microsoft says it disrupted RedVDS, a cybercrime-as-a-service platform tied to at least $40 million in U.S. losses since March 2025. The company filed civil lawsuits in the U.S. and U.K., and — working with Europol and German authorities — seized servers, took the marketplace and customer portal offline, and removed malicious infrastructure. RedVDS rented disposable Windows cloud servers worldwide to enable large-scale phishing, BEC, credential theft and AI‑enhanced impersonation campaigns.

Microsoft Named Leader in IDC AI Governance Report

🔒 Microsoft was named a Leader in the 2025–2026 IDC MarketScape for Worldwide Unified AI Governance Platforms, recognizing its integrated approach to governing generative, agentic, and traditional ML across hybrid and multicloud environments. The company emphasizes centralized control, observability, and automated compliance through Microsoft Foundry, Agent 365, Purview, Entra, and Defender. Backed by the Responsible AI standard and an Office of Responsible AI, Microsoft highlights built-in transparency, fairness, explainability, and real-time security protections for regulated enterprises.

Microsoft Updates WinSqlite3.dll After False Positives

🔔 Microsoft has released updates to WinSqlite3.dll after third-party security tools began flagging the Windows core DLL as vulnerable to CVE-2025-6965. The company said the false positive affected Windows 10, Windows 11, and server editions through Windows Server 2025. Microsoft resolved the detection in updates released January 13, 2026 and later and urges users to install the latest patches. It also clarified WinSqlite3.dll is distinct from sqlite3.dll.

Microsoft Disrupts RedVDS Cybercrime Subscription Service

🛡️ Microsoft announced on 14 January that it has seized the infrastructure and website of RedVDS, a subscription-based cybercrime platform that rented disposable virtual machines and AI tools to facilitate phishing, business email compromise (BEC) and fraud. The service, available from about $24/month, has been linked to more than $40 million in losses in the US and nearly 190,000 victimised organisations worldwide. Legal partners in the US and the UK, with international law enforcement support, coordinated the takedown.

ConsentFix debrief: New OAuth phishing technique analysis

🔒 Push Security discovered ConsentFix in December — a browser-native OAuth phishing technique that tricks victims into pasting a legitimate Microsoft authorization URL so attackers can exchange the authorization code and hijack accounts. The campaign targeted pre-consented first-party Microsoft apps and legacy scopes to evade default logging and Conditional Access controls. Push and the security community have published hunting guidance and mitigations focused on logging, access restrictions, and browser-based detection.

Pax8 Email Error Exposes MSP and Microsoft Licensing Data

⚠️ Pax8 confirmed it mistakenly emailed a CSV attachment on January 13 that contained internal pricing and Microsoft licensing data to fewer than 40 UK-based partners. Recipients reported the file listed about 56,000 entries covering roughly 1,800 partners, with fields including partner and customer IDs, SKUs, license counts, renewal dates, and booking details. Pax8 asked recipients to delete the message, required deletion confirmations, and said it launched an internal review. The company maintains the file did not contain personally identifiable information and that marketplace availability and security controls were not affected.

Microsoft fixes three zero-days in busy Patch Tuesday

🔒 Microsoft released updates addressing over 100 CVEs on the first Patch Tuesday of 2026, including three zero-day vulnerabilities. CVE-2026-20805 is an actively exploited information-disclosure flaw in the Desktop Window Manager that can undermine ASLR; CVE-2026-21265 concerns a Secure Boot certificate-expiration bypass affecting many devices; CVE-2023-31096 is an elevation-of-privilege flaw in legacy Agere modem drivers that Microsoft is removing. Administrators should prioritize patching, review firmware and UEFI certificates, and audit hardware where updates may require manual acceptance.

Windows 365 update blocks access to Cloud PC sessions

⚠️ Microsoft confirmed a recent Windows 365 update is preventing some customers from signing in to their Cloud PC sessions. The disruption began Tuesday at 19:00 UTC after automated monitoring detected a spike in failed connection attempts, and engineers traced the problem to the update. Microsoft says the change was intended to improve security and is now analyzing it to determine mitigation and a permanent fix. As temporary workarounds, affected users can connect via the Windows App Web Client or use the Remote Desktop client to reach Azure Virtual Desktop.

Microsoft January 2026 Patch: 114 Windows Flaws Fixed

🔒 Microsoft released its first security update of 2026 addressing 114 vulnerabilities across Windows, including one actively exploited in the wild. The set includes eight Critical and 106 Important flaws, spanning privilege escalation, information disclosure, and remote code execution issues. Administrators are urged to prioritize the exploited CVE-2026-20805 and VBS-related fixes, and to follow guidance for Secure Boot certificate updates to avoid disruption.

January 2026 Patch Tuesday: Microsoft critical fixes

🛡️ Microsoft’s January 2026 Patch Tuesday addresses eight critical vulnerabilities and an actively exploited zero-day, with many high‑score flaws affecting Office and SharePoint. The Desktop Window Manager information-disclosure bug (CVE-2026-20805) is already being exploited and can leak memory to enable follow-on attacks. Other priorities include an RRAS heap overflow (CVE-2026-20868), Secure Boot certificate updates (CVE-2026-21265), and multiple NTFS and WinSock elevation issues. Administrators should accelerate patching, restrict local access, and monitor for suspicious activity.

Microsoft Jan 2026 Patch Tuesday: 113 Flaws, Zero-Day

🔒 Microsoft released January 2026 security updates addressing 113 vulnerabilities across Windows and supported products, including eight rated Critical. The company confirmed active exploitation of a Desktop Window Manager information disclosure flaw, CVE-2026-20805, which researchers say can be chained to code execution bugs. Other prominent fixes include two Office RCEs exploitable via the Preview Pane, a critical Secure Boot bypass, and removal of legacy modem drivers. Experts urge rapid, risk-based patching and careful BIOS/bootloader preparation.

Microsoft issues replacement Secure Boot certificates

🔒 Microsoft has begun automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems via Windows Update. The rollout uses high-confidence device targeting and phased signals to ensure only devices with sufficient successful update telemetry receive the new certificates, while administrators can also deploy them using registry keys, WinCS, or Group Policy. Organizations are urged to inventory fleets, verify Secure Boot status, apply firmware updates as needed, and install the certificate updates before existing credentials expire to preserve Secure Boot and pre-boot patching.

Microsoft Releases Windows 10 KB5073724 ESU Update

🔒 Microsoft released the KB5073724 Extended Security Update for Windows 10, available to Windows 10 Enterprise LTSC and systems enrolled in the ESU program. It is installed via Settings → Windows Update by performing a manual “Check for Updates”, and it raises builds to 19045.6809 (Windows 10) and 19044.6809 (Enterprise LTSC 2021). The update contains only security and bug fixes — including patches for three zero-days, an actively exploited elevation-of-privilege fix in Agere modem drivers, an updated WinSqlite3.dll, and targeted handling for expiring Secure Boot certificates.

Windows 11 KB5074109 & KB5073455 January 2026 Updates

🛡️ Microsoft released Windows 11 cumulative updates KB5074109 and KB5073455 as the January 2026 Patch Tuesday rollups for 25H2/24H2 and 23H2. The updates are mandatory and advance affected systems to new builds (25H2: 26200.7623 / 24H2: 26100.7462 / 23H2: 226x1.6050), addressing security vulnerabilities, stability fixes, and feature changes. Key fixes include removal of specific legacy modem drivers that will disable dependent hardware, networking repairs for WSL and Azure Virtual Desktop RemoteApp, an NPU idle power fix, an update to WinSqlite3.dll, and a new phased Secure Boot certificate targeting mechanism; Microsoft notes only a minor bug that can hide the password visibility button.

Microsoft January 2026 Patch Tuesday: 114 Flaws Fixed

🔒 Microsoft released its January 2026 Patch Tuesday updates addressing 114 vulnerabilities, including three zero-day flaws and one actively exploited issue. The bulletin patches an actively exploited Desktop Window Manager information disclosure (CVE-2026-20805), renews expiring Secure Boot certificates, and removes legacy Agere modem drivers (agrsm64.sys, agrsm.sys). Eight vulnerabilities are rated Critical, including six remote code execution flaws. Administrators should prioritize these cumulative updates and apply them promptly to reduce exposure.

Microsoft Patch Tuesday Jan 2026: 112 Fixes and Snort rules

🔒 Microsoft released its January 2026 security updates addressing 112 vulnerabilities across Windows and Office, including eight marked critical. One important issue, CVE-2026-20805, was observed exploited in the wild. Critical flaws include RCEs in LSASS, Word, Excel and Office, plus EoP in the Windows Graphics component and VBS Enclave. Cisco Talos published Snort rules to detect exploitation attempts (Snort 2: 65498, 65499, 65663–65676; Snort 3: 301344, 301368–301374).

How Microsoft Integrates Privacy and Security by Design

🔐 In a Deputy CISO post, Terrell Cox explains how Microsoft aligns privacy and security as complementary priorities, treating privacy as a human right across products from Microsoft 365 to Azure. The company enforces rigorous internal compliance—audits, cross‑functional reviews, and executive oversight—and limits data access through controls like Customer Lockbox and zero‑trust access. Microsoft highlights solutions such as Microsoft Entra, Entra ID, and Microsoft Purview to support data residency, classification, protection, and regulatory compliance.