< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 19 of 42

Microsoft tests Windows 11 batch-file security mode

🔒 Microsoft is rolling out Windows 11 Insider Preview builds that introduce a secure processing mode for batch files and CMD scripts. Administrators can enable the feature via the LockBatchFilesInUse registry value under HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor or via the LockBatchFilesWhenInUse manifest control. When enabled, batch files cannot be modified while executing and signature validation runs once rather than per statement, improving both security and performance for scripted enterprise workflows.
read more →

Adapting Threat Modeling for AI Applications at Scale

🛡️ The Microsoft Security Blog explains why threat modeling must be retooled for AI systems, noting that probabilistic behavior and complex input spaces require reasoning about ranges of likely outcomes rather than single execution paths. It identifies three core drivers — nondeterminism, instruction‑following bias, and system expansion through tools and memory — which widen attack surfaces and surface human‑centered risks like erosion of trust. The post advises starting from assets, mapping untrusted inputs, setting clear 'never do' boundaries, and embedding architectural mitigations, observability, and response plans to limit blast radius and sustain trust.
read more →

Microsoft expands Windows restore to more enterprise devices

🔁Microsoft now enables enterprise users to restore personal settings and Microsoft Store apps from a previous Windows 11 device using the first sign-in restore experience in Windows Backup for Organizations. The update extends support beyond Microsoft Entra-joined machines to hybrid-managed environments, multi-user devices, and Windows 365 Cloud PCs, presenting a one-time restore prompt at first login. Administrators can control and deploy the feature through existing policies via Microsoft Intune or Group Policy, with general availability for devices that installed Windows updates released Feb 24, 2026 or later.
read more →

Microsoft expands Copilot data controls to all storage

🔒 Microsoft is extending Purview data loss prevention controls so the Microsoft 365 Copilot assistant cannot read or process sensitive Word, Excel, and PowerPoint files regardless of where they are stored. The change leverages the Office Augmentation Loop (AugLoop) component so Office clients can supply sensitivity labels for local files as well as for SharePoint and OneDrive. Microsoft will roll out the update between late March and late April 2026 and says it will be automatically enabled for tenants with DLP policies configured to block Copilot. The move follows a January bug that briefly allowed Copilot Chat to access and summarize protected emails.
read more →

Microsoft: Classic Outlook bug hides mouse pointer

🖱️ Microsoft is investigating a known issue that causes the mouse pointer to disappear for some users in the classic Outlook desktop client, making parts of the app difficult to use. The company acknowledged the bug nearly two months after initial reports and said the pointer — and in some cases the text cursor — can vanish as it moves across the interface while hover effects still occur. Microsoft asked affected organizations to open a support case with the Outlook Support Team and submit diagnostic logs, and offered temporary workarounds such as clicking a message, switching to PowerPoint and back, or restarting the PC.
read more →

Device-Code Phishing Uses OAuth to Bypass Microsoft 365

🔐 Researchers at KnowBe4 discovered a campaign aimed at North American businesses that tricks employees into entering a “Secure Authorization” code on a legitimate Microsoft 365 login page. Unknown to victims, the code actually authorizes an attacker-controlled device through the OAuth 2.0 Device Authorization Grant, issuing access and refresh tokens that grant persistent access to Outlook, Teams, OneDrive and other services. Recommended mitigations include allowlisting OAuth apps, disabling device-code flow in Entra conditional access where feasible, auditing integrations, and ongoing employee awareness training.
read more →

Windows Admin Center: Microsoft Patches Privilege Bug

🔒 Microsoft disclosed and patched a high-severity flaw in Windows Admin Center that could allow an attacker to escalate privileges. Tracked as CVE-2026-26119 with a CVSS score of 8.8, Microsoft credited Semperis researcher Andrea Pierini and included the fix in Windows Admin Center version 2511 (Dec 2025). The vendor described the issue as improper authentication and tagged it as Exploitation More Likely; technical details are currently restricted. Administrators are advised to apply the update promptly and restrict access to the management endpoint.
read more →

Budget Bytes: Build AI Applications on Azure for $25

💡Budget Bytes is a new video series that shows developers how to build production-quality AI applications on Azure for under $25. Each episode walks through end-to-end scenarios using the Azure SQL Database Free Offer, with live cost tallies, authentic debugging, and complete GitHub repos you can deploy yourself. Expect practical patterns and demonstrations of tools like Microsoft Foundry, Copilot Studio, and the Model Context Protocol, plus links to Microsoft Learn for deeper dives.
read more →

Establishing Proactive Defense with Exposure Management

📘 Microsoft published a new e-book, Establishing proactive defense—A maturity-based guide for adopting a dynamic, risk-based approach to exposure management, that helps security teams move from fragmented, reactive practices to a unified, risk-driven exposure management model. The guide describes five maturity levels, common pain points, and practical next steps to prioritize and verify mitigations. It is intended for security leaders seeking to turn telemetry into measurable risk reduction.
read more →

Running OpenClaw Safely: Identity, Isolation, Runtime

🔒 Self-hosted agent runtimes such as OpenClaw shift the execution boundary by ingesting untrusted text, downloading third‑party skills, and acting with the host's credentials. This combination makes the runtime effectively untrusted code execution with persistent tokens and elevated access, unsuitable for standard workstations. Microsoft recommends evaluating OpenClaw only in isolated VMs or dedicated devices, using dedicated non‑privileged credentials, continuous monitoring, and a fast rebuild plan. Prioritize containment, least privilege, and monitoring with solutions like Microsoft Defender XDR.
read more →

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0‑Days, AI Flaws

🛡️ This ThreatsDay round-up highlights critical developments including a patched OpenSSL CMS stack buffer overflow (CVE-2025-15467), multiple Foxit/Apryse PDF engine vulnerabilities, and a Microsoft 365 Copilot DLP bypass that allowed summarization of confidential drafts and Sent Items until a Feb 3, 2026 fix. The bulletin also details LockBit 5.0's cross-platform evolution, macOS social-engineering and stealer campaigns, widespread RMM abuse, and active exploitation of Ivanti EPMM flaws. Defenders should prioritize patching, audit cloud and RMM exposures, rotate credentials, and avoid using LLMs to generate secrets.
read more →

Device-Code Vishing Abuses Microsoft Entra OAuth Flow

📞 Threat actors are combining device-code phishing and voice-based social engineering to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. Instead of malicious apps, attackers leverage legitimate Microsoft OAuth client IDs and the standard device login workflow so victims unknowingly produce valid tokens and complete MFA. Security researchers suspect the ShinyHunters extortion group is involved; administrators should audit and revoke suspicious consents, disable the device code flow when not needed, and enforce conditional access policies.
read more →

Microsoft anti-phishing rules mistakenly blocked URLs

⚠️ Microsoft says a software error in its email security system incorrectly flagged thousands of legitimate URLs as phishing links, preventing users from opening messages across Exchange Online and Teams. The issue, which began on February 5 and persisted until February 12, caused some emails to be quarantined and generated false "potentially malicious URL click" alerts for administrators. Microsoft traced the fault to a logic error in heuristic detection rules intended to catch credential phishing and said it will publish a final report after full remediation.
read more →

Operational Cost of Fragmented SOCs: Unify Now or Lose

🔍 New research from Microsoft and Omdia exposes how tool sprawl, manual triage, and alert overload are stretching security operations to a breaking point. SOC teams report using an average of 10.9 consoles, manually ingesting data frequently, and leaving roughly 42% of alerts uninvestigated. The study argues that unification, targeted automation, and governable AI-integrated workflows—centered on identity-to-endpoint controls—are essential to restore analyst capacity and reduce business risk.
read more →

Microsoft Teams outage impacts users in US and Europe

⚠️ Microsoft is investigating an outage affecting Microsoft Teams, with users in the United States and Europe reporting sign-in problems, failures joining meetings, and delays when sending or receiving chats that include inline media such as images, code snippets, and videos. The company classified the incident as a service degradation and said engineers were reviewing telemetry to isolate the root cause. Microsoft also addressed related issues that temporarily blocked the Join button and prevented some Copilot Studio agents from being added or updated.
read more →

ClickFix Attack Uses nslookup DNS to Deliver PowerShell

⚠️ Microsoft has identified a novel ClickFix social-engineering variant that instructs victims to run an nslookup against an attacker-controlled resolver to retrieve a malicious PowerShell script embedded in the DNS NAME field. The response is parsed and executed via cmd.exe, then pulls a second-stage ZIP containing a Python runtime and scripts that lead to the ModeloRAT remote-access trojan. Organizations should monitor unusual DNS queries to untrusted nameservers and apply endpoint controls to block unauthorized script execution and persistence.
read more →

Windows 11 KB5077181 Fixes Boot Failures After Updates

🔧 Microsoft says the February 10, 2026 Patch Tuesday update KB5077181 resolves a bug that left some commercial Windows 11 systems unbootable with an UNMOUNTABLE_BOOT_VOLUME error after failed updates. The problem affected a limited set of physical devices running 25H2 and 24H2 and was linked to an incomplete rollback following a December 2025 security update. An optional preview fix (KB5074105) was released on January 29, 2026 to help prevent further devices from being affected. Systems that became unbootable prior to the February fix may still require manual remediation via Microsoft Support for Business.
read more →

Microsoft Details DNS-Based ClickFix Variant Targeting Users

🔍 Microsoft disclosed a DNS-based evolution of the ClickFix social-engineering tactic that coerces victims into running nslookup via the Windows Run dialog to retrieve a second-stage payload. The initial cmd.exe command queries a hard-coded external DNS server and extracts the Name: response to execute the next stage. The staged payload downloads a ZIP from azwsappdev[.]com, runs a malicious Python script, drops a VBScript that launches ModeloRAT, and establishes persistence via a Startup LNK.
read more →

CISA: Microsoft ConfigMgr RCE Patch Now Exploited in the Wild

⚠️ CISA has flagged a critical Microsoft Configuration Manager vulnerability (CVE-2024-43468) as actively exploited after Microsoft patched it in October 2024. The flaw is a SQL injection that can allow unauthenticated remote attackers to achieve remote code execution and run commands with elevated privileges on the server or site database. CISA ordered federal agencies to apply the patch or mitigations by March 5 under BOD 22-01 and urged all organizations to secure affected systems immediately.
read more →

Microsoft fixes Family Safety bug blocking Chrome launch

🔧 Microsoft has deployed a service-side fix for a Family Safety bug that prevented Google Chrome and some other browsers from launching or caused them to crash on Windows 10/11 devices. The problem, first reported in late June 2025, was traced to the service's web-filtering and block-list behavior that misidentified updated browser versions. The rollout began in early February 2026 and should reach affected devices in the coming weeks; users should connect to the Internet to receive the update. Those who cannot go online can enable Activity reporting in Family Safety to receive approval requests and allowlist newer browser versions.
read more →