All news with #microsoft tag

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-20805, a Microsoft Windows information disclosure issue identified as being actively exploited. This vulnerability type is a common attack vector and presents significant risks to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by prescribed due dates, and CISA strongly urges all organizations to prioritize timely remediation. CISA will continue to update the KEV Catalog as new exploited CVEs meet its criteria.

🔒 The CSO 2025 Security Priorities Study asked more than 640 senior security executives to rank leaders in AI-enabled security, and established, name-brand vendors dominated the results. CISOs prioritized product innovation but heavily weighed reputation, breach history, business value, cost, time to integrate, and peer adoption. The top-ranked providers included Cisco, Microsoft, and Google, while MSSPs and cloud-native service providers also gained visibility as teams seek managed incident response.

🔔 Microsoft released its January 2026 Patch Tuesday addressing 114 vulnerabilities, including three zero-days and several Critical flaws. Notable fixes include an actively exploited information-disclosure issue in Windows Desktop Window Manager (CVE-2026-20805) and publicly disclosed zero-days in Agere Soft Modem and Secure Boot. The release also remediates multiple Critical RCE and elevation-of-privilege issues across Windows and Microsoft Office. Organizations should prioritize testing and deployment and apply compensating controls where immediate patching is impractical.

📢 Microsoft has begun retiring the Microsoft Lens PDF scanner app for iOS and Android, with removal from app stores set for February 9, 2026 and scanning functionality scheduled to stop on March 9, 2026. Microsoft updated its Microsoft 365 Message Center guidance and recommends users switch to OneDrive's built-in scan feature. Existing scans remain accessible via MyScans while the app stays installed and the user is signed into their last active account, though Microsoft will no longer support the app after the cutoff. No administrative action is required; administrators should notify users of the change.

🔒 Microsoft 365 sharing is convenient but can quickly lead to uncontrolled access and data exposure. This sponsored article explains how tenfold provides centralized visibility across Teams, OneDrive and SharePoint and introduces targeted access reviews for shared content. Personalized review dashboards let owners confirm or revoke links, and automated enforcement removes permissions that fail review.

🏥 Microsoft announced Claude for Healthcare and Life Sciences is now available in Microsoft Foundry, bringing Anthropic’s Claude models into an Azure-backed, enterprise-grade platform for regulated health and research environments. The release emphasizes domain-tuned agents, model context protocols (MCPs), connectors, and skill libraries designed to support multi-step clinical and R&D workflows. Microsoft highlights specific applications such as prior authorization automation, claims appeal processing, care coordination triage, and life-sciences tasks from protocol design to bioinformatics. The offering underscores governance, safety investments, and flexible deployment options across regulated settings.

📚 Microsoft will retire the Send Documents to Kindle option in Microsoft Word, with the change rolling out after February 2026. The feature, formerly accessible from Word's Export menu, allowed .doc and .docx files to be transferred to a user's Kindle library while preserving page layout and most formatting. Microsoft notes that comments and tracked changes were not preserved when files were sent. After the retirement, users should use the Send to Kindle website to transfer documents.

🔧 Microsoft is testing a new Group Policy, RemoveMicrosoftCopilotApp, that enables IT administrators to uninstall the AI-powered Copilot app on managed Windows devices. The policy began rolling out in the Dev and Beta Insider channels with Windows 11 Insider Preview Build 26220.7535 (KB5072046) and applies to endpoints managed via Microsoft Intune or SCCM. It targets systems where both Microsoft 365 Copilot and Microsoft Copilot are installed, the app was not user-installed, and it hasn't been launched in the last 28 days. Admins can enable the setting at User Configuration -> Administrative Templates -> Windows AI -> Remove Microsoft Copilot App; users may still reinstall if they choose.

🔐 CrowdStrike will acquire identity security startup SGNL for $740 million to add real-time, risk-aware authorization that grants or revokes access based on current signals rather than static permissions. The deal, expected to close in CrowdStrike’s fiscal Q1 ending April 30, will be paid mostly in cash with some stock subject to vesting. SGNL’s technology layers with existing identity systems from Okta, Microsoft, and AWS, evaluating contextual signals — user behavior, device posture, and threat intelligence — to enforce continuous authorization and address rising machine-identity and AI-agent risks.

⚠ Microsoft is investigating an Exchange Online outage (EX1215307) that intermittently prevents users from accessing mailboxes via IMAP4. Microsoft attributes the disruption to a recent IMAP deployment that introduced a code conflict and authentication misconfiguration, and says a configuration fix has been deployed and is being rolled out. Other connection methods are not affected, and Microsoft advises retries may restore access while the update completes.

🔐 Microsoft will require MFA for all users signing into the Microsoft 365 admin center and will block accounts that do not have MFA enabled starting February 9, 2026. The enforcement covers portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com and follows an initial rollout that began in February 2025. Administrators are urged to enable MFA using Microsoft's setup wizard or official documentation to avoid service interruptions; Microsoft notes that MFA significantly reduces the risk of account compromise.

⚠️ CISA added two vulnerabilities — in Microsoft Office PowerPoint (CVE-2009-0556, CVSS 8.8) and HPE OneView (CVE-2025-37164, CVSS 10.0) — to its Known Exploited Vulnerabilities catalog after observing evidence of active exploitation. The HPE flaw permits unauthenticated remote code execution and affects versions prior to 11.00; HPE has released hotfixes for OneView 5.20 through 10. A proof-of-concept exploit for CVE-2025-37164 was disclosed publicly on December 23, 2025, prompting eSentire to urge immediate patching. Federal agencies subject to BOD 22-01 are instructed to remediate by January 28, 2026.

🔒 Microsoft Incident Response expands its proactive offerings to help organizations build cyber resilience and reduce disruption. New services include incident response plan development, major event support, an immersive cyber range, advisory engagements, and compromise assessments for M&A activity. These capabilities build on existing services such as compromise assessments, identity assessment and hardening, and tabletop exercises. The focus is on preparation, gap detection, defense hardening, and tailored threat insights to accelerate recovery and strengthen security posture.

🔒 Microsoft is investigating a bug in the classic Outlook client introduced by Current Channel Version 2511 (Build 19426.20218) that prevents recipients from opening messages encrypted with Encrypt Only permissions. Impacted users may see a reading pane error asking them to verify credentials or encounter a message_v2.rpmsg attachment instead of readable content. The Outlook Team is working on a fix but has not provided an ETA. Microsoft recommends two temporary workarounds: have senders save encrypted messages before sending, or roll back to build 16.0.19426.20186.

📧 Microsoft’s Threat Intelligence team warns that attackers are increasingly exploiting complex email routing and misconfigured DMARC and SPF policies to make phishing messages appear to come from inside targeted organizations. These campaigns often rely on MX records that route mail through on‑premises servers or third‑party relays before Microsoft 365, which can prevent correct spoof checks. Threat actors deliver lures ranging from password resets to shared documents and use PhaaS platforms such as Tycoon 2FA. Microsoft advises enforcing strict DMARC reject and SPF hard-fail policies, verifying connectors, and adopting phishing-resistant MFA like FIDO2 keys.

📭 Microsoft has canceled plans to impose a new daily limit of 2,000 external recipients on Exchange Online bulk senders after receiving negative customer feedback. The External Recipient Rate (ERR) cap was announced in April 2024 and was scheduled to begin in January 2025 with phased enforcement through late 2025. Microsoft said it will pursue "smarter, more adaptive approaches" to balance security and usability, while existing recipient limits remain unchanged.

🔐 Federated Identity Management (FIM) enables a single authentication to span multiple applications or organizations, letting users sign in once and reuse identity assertions across services. It improves user experience and resilience while introducing architectural complexity, potential vendor lock-in, and additional service costs. Implementations commonly rely on cloud identity providers such as Google, Microsoft, or Okta and use protocols like SAML, OAuth 2.0, and OpenID Connect.

🚀 Microsoft is rolling out GPT-5.2 to Copilot on web, Windows, and mobile as a free upgrade that will coexist with the existing GPT-5.1 model. The new option appears as a 'Smart Plus' mode and uses a 'Thinking' variant designed for more complex, multi-step tasks. OpenAI positions GPT-5.2 as its strongest model family yet, improving productivity for spreadsheets, presentations, coding, document understanding, image work, and tool use.

🔒 Microsoft will let security administrators block external users from sending messages, placing calls, or inviting employees to meetings in Teams, managed directly through the Tenant Allow/Block List in the Microsoft Defender portal. The capability integrates with Defender for Office 365 and the Defender XDR web portal and applies across all Teams clients without altering existing domain blocks or federation settings. Organizations must enable two disabled Teams admin center settings to grant security teams permission to manage blocked domains and users.

🔒 Microsoft is rolling out hardware-accelerated BitLocker in Windows 11, offloading bulk cryptographic operations to SoC components with HSMs and TEEs to reduce CPU usage and improve I/O performance. The feature defaults to XTS-AES-256 on supported NVMe systems and initially appears on Intel Core Ultra Series 3 platforms. It’s available in Windows 11 24H2 (with September updates) and 25H2; verify mode with manage-bde -status.