
All news with #microsoft tag

721 articles · page 20 of 37

Microsoft Finally Deprecates RC4 in Windows After 26 Years

🔒 Microsoft is deprecating the legacy RC4 cipher in Windows, ending a 26-year presence that left servers accepting RC4-based authentication responses by default. The company cited RC4’s vulnerability to Kerberoasting, an attack class linked to last year’s breach at Ascension that disrupted hospital operations and exposed millions of medical records. Security and regulatory scrutiny, including calls from Senator Ron Wyden, helped force the change.

Attackers Abuse Microsoft OAuth Device Codes for Hijacks

🔒 Cybercriminals and state-sponsored actors are increasingly abusing OAuth device authorization to hijack enterprise Microsoft 365 accounts, often bypassing multifactor protections. Proofpoint reports campaigns have surged since September 2025 and shifted from targeted voice-phishing to scalable email-based social engineering. Attackers prompt victims to enter short-lived device codes on Microsoft’s verification page, validating tokens and granting access. Tools such as SquarePhish2 and Graphish automate the flow and lower the skill barrier for large-scale attacks.

Microsoft Confirms Teams Messaging Delays Across Regions

⚠️ Microsoft is investigating a widespread incident affecting Microsoft Teams, with thousands of users reporting messaging delays, failed sends, and issues with other service functions. The outage began around 2:30 PM ET and is impacting users across the United States and Europe. Microsoft says it is observing recovery in telemetry, is continuing analysis to identify impacted scenarios and determine root cause, and will share updates; this is a developing story.

Nigeria Arrests Developer of Raccoon0365 Microsoft Phishing

🔒 Nigerian police arrested three individuals linked to targeted Microsoft 365 phishing attacks delivered via the Raccoon0365 platform, citing intelligence shared by Microsoft and the FBI. Authorities say one suspect, Okitipi Samuel (aka RaccoonO365 or Moses Felix), developed and sold phishing kits on Telegram and hosted pages on Cloudflare using compromised accounts. The toolkit automated fake Microsoft login pages and has been tied to at least 5,000 account compromises across 94 countries; two other detainees currently have no proven role in creating the service.

Microsoft 365 OAuth Device Code Phishing Wave Expands

🔒 Multiple threat actors are exploiting the OAuth device code flow to compromise Microsoft 365 accounts by tricking users into entering device codes on legitimate Microsoft device login pages, which results in victims authorizing attacker-controlled applications and granting persistent access without credential theft or direct MFA bypass. Proofpoint reports a significant volume increase since September and attributes activity to financially motivated groups such as TA2723 and a suspected Russia-aligned actor tracked as UNK_AcademicFlare. The campaigns use phishing kits like SquarePhish and Graphish and employ lures such as salary bonuses and spoofed OneDrive links. Organizations should enforce Microsoft Entra Conditional Access and implement sign-in origin policies to mitigate these attacks.

New e-book: Why point solutions hinder modern security

🔒 Microsoft’s new e-book, "3 reasons point solutions are holding you back", argues that fragmented security tools increase costs, slow investigations, and limit AI effectiveness. It advocates a unified, AI-ready security platform that consolidates telemetry, analytics, and automation across detection, response, exposure management, and cloud security. Learn how Microsoft Defender, Microsoft Sentinel, and Microsoft Security Copilot combine to improve MTTR, predictive defense, and operational efficiency.

OAuth Device Code Phishing Surges, Targeting Microsoft 365

🔐 Proofpoint has observed a sharp increase in phishing campaigns that abuse Microsoft's OAuth device code authorization flow to gain access to Microsoft 365 accounts. Attackers use social engineering — QR codes, embedded buttons and hyperlinks — to trick users into entering device codes on Microsoft's legitimate verification page, which yields valid access tokens. Readily available tools such as SquarePhish2 and Graphish have lowered the bar for both state-aligned and financially motivated actors.

Microsoft updates break Azure Virtual Desktop RemoteApp

⚠️ Microsoft has confirmed that recent Windows updates cause RemoteApp connection failures for Azure Virtual Desktop on Windows 11 24H2/25H2 and Windows Server 2025, triggered after the November 2025 non-security update KB5070311 or later. The issue affects RemoteApp streaming connections while full virtual desktop sessions remain functional and typically does not impact consumer Home or Pro devices. Microsoft advises a temporary mitigation — adding a registry DWORD (requires administrator privileges) and restarting the device — and has applied a Known Issue Rollback for Pro and Enterprise SKUs. Enterprise administrators can alternatively deploy the provided Group Policy MSI to apply the rollback centrally while Microsoft works on a permanent fix.

Microsoft warns MSMQ may fail after December update

⚠️ Microsoft warns a December security update (KB5071546) can cause MSMQ to become inactive in enterprise and clustered environments, disrupting applications that rely on queued messaging. Reported symptoms include IIS failures with resource errors, applications unable to write to queues, and misleading log entries about disk space. Microsoft says a workaround exists but directs admins to contact Support for Business; community responders have recommended temporarily granting write access to C:\Windows\System32\msmq or rolling back the update until an official fix is issued. Affected systems include Windows Server 2012/2012 R2/2016/2019 and several Windows 10 builds.

Zeroday Cloud: $320,000 awarded for 11 zero-days in London

🔒 The Zeroday Cloud competition in London, hosted by Wiz Research with support from AWS, Microsoft, and Google Cloud, awarded $320,000 to teams that demonstrated 11 zero-day remote code execution vulnerabilities. Exploits affected critical cloud components including Redis, PostgreSQL, MariaDB, Grafana, and a Linux-kernel container escape that broke tenant isolation. Team Xint Code earned the top prize of $90,000. Attempts against AI tooling such as vLLM and Ollama were made but failed due to time exhaustion.

Microsoft Named Leader in Gartner AI Application Platforms

🚀 Microsoft was named a Leader in the 2025 Gartner Magic Quadrant for AI Application Development Platforms and is positioned furthest for Completeness of Vision. The post presents Microsoft Foundry as a unified platform to build, deploy, and govern agentic AI—emphasizing secure grounding, multi-agent orchestration, observability, and cloud-to-edge model deployment. It also describes an agent-driven submission process that automated evidence collection and validation to improve accuracy and efficiency.

Microsoft advises admins to contact support over MSMQ bug

⚠ Microsoft has asked enterprise customers to contact support for guidance after a Message Queuing (MSMQ) change in the December 2025 updates caused applications and IIS sites to fail. The bug, affecting Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems with KB5071546/KB5071544/KB5071543 installed, alters NTFS permissions on C:\Windows\System32\MSMQ\storage, requiring write access and causing resource errors. Microsoft is investigating and advising businesses to seek tailored mitigations or consider rolling back the updates.

Azure updates from Microsoft Ignite 2025 for partners

🔔 Microsoft announced a broad set of Azure updates at Ignite 2025 designed to help partners accelerate AI-first transformation and modernization. Key highlights include Azure Copilot (private preview) for ARM-driven agent automation, public previews of Foundry Control Plane, Foundry IQ and Fabric IQ, and the Microsoft Agent Factory program with streamlined P3 procurement. These capabilities emphasize governance, secure agent management, unified knowledge retrieval, and data-driven intelligence to reduce operational overhead and speed partner-led deployments.

Microsoft to Block Exchange Online for Outdated EAS

🔒 Microsoft will block mobile devices running outdated email software from connecting to Exchange Online if they use Exchange ActiveSync versions below 16.1, effective March 1, 2026. The change applies to native mobile email apps that rely on EAS and does not affect on-premises Exchange installations or users of Outlook Mobile, which uses a different sync method. Administrators can identify impacted devices with a provided PowerShell query and should coordinate updates with device and app vendors to avoid service disruption.

Microsoft named overall leader in GAD Leadership Compass

🛡️ Microsoft has been named an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense, highlighting its enterprise-ready security and governance capabilities for AI. The company emphasizes embedding security across AI apps, agents, platforms, and infrastructure using an identity-first, defense-in-depth approach. Key controls include Entra Agent ID, Microsoft Purview for real-time DLP and classification, Microsoft Defender for runtime protection, and governance tools such as Agent365 and Foundry. Built-in compliance support aligns with frameworks like EU AI Act, NIST AI RMF, and ISO 42001.

Recent Windows Updates Disrupt VPN Access for WSL Enterprise

🔧 Microsoft warns that recent Windows 11 updates, starting with the KB5067036 October 28, 2025 non-security update and including later releases such as KB5072033, can break VPN networking for enterprise users running WSL with mirrored mode enabled. Affected users report "No route to host" errors inside WSL because some third-party VPN virtual interfaces (for example OpenVPN and Cisco Secure Client) do not respond to ARP requests and so fail to resolve IP-to-MAC mappings. Microsoft is investigating the issue but has not provided a workaround or ETA for a fix.

Microsoft Expands Bug Bounty with 'In Scope by Default'

🛡️ Microsoft unveiled a new security policy, In Scope by Default, at Black Hat Europe to expand its bug-bounty coverage to any critical vulnerabilities that demonstrably affect its online services. The program covers Microsoft-managed code as well as third-party and open source components when no existing bounty exists. Researchers submit reports via Microsoft’s coordinated disclosure platform under defined rules that permit broad red-team testing while prohibiting credential access, phishing, and excessive DoS.

Microsoft December Updates Break Message Queuing Functionality

⚠️ Microsoft has confirmed that its December 2025 security updates are breaking Message Queuing (MSMQ) on affected systems. Machines with KB5071546, KB5071544, or KB5071543 installed — including Windows 10 22H2, Windows Server 2019, and Windows Server 2016 — can experience inactive queues, IIS sites failing with 'insufficient resources', and applications unable to write to queues. Microsoft attributes the failures to security model and NTFS permission changes that require MSMQ users to have write access to C:\Windows\System32\MSMQ\storage; a timeline for a fix has not been provided.

The Best XDR Tools: Top Extended Detection Platforms

🔒 Extended Detection and Response (XDR) platforms combine elements of SIEM, EDR and SOAR to deliver unified visibility, real-time threat detection and automated response across endpoints, networks and cloud environments. The article outlines evaluation criteria — integration with existing investments, policy and rule management, and usability/training — and notes subscription pricing and staffing as primary cost considerations. It then lists prominent XDR offerings from vendors such as Bitdefender, CrowdStrike, Microsoft and others.

Microsoft Moves to 'In Scope by Default' for Vulnerabilities

🔒 Microsoft has shifted to 'In Scope by Default', making any critical vulnerability with a demonstrable impact on its online services—whether in Microsoft-owned code, third-party components, or open-source—eligible for bounty awards. Announced at Black Hat Europe, the policy expands eligibility across Microsoft domains and cloud services and invites coordinated disclosure under agreed rules of engagement. The company says the change aims to incentivize research on the highest-risk areas, while established Rules of Engagement prohibit credential misuse, phishing, disruptive DoS testing, and other harmful methods.