< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 21 of 42

AI Recommendation Poisoning: Manipulating Assistant Memory

🔒 Microsoft Defender researchers describe a growing practice they call AI Recommendation Poisoning, where hidden instructions in pre-filled prompts and “Summarize with AI” links attempt to inject persistent memory commands into assistants. The study identified more than 50 unique prompts from 31 companies across 14 industries targeting assistants such as Copilot, ChatGPT, and Claude. Freely available tools and plugins make the technique trivial to deploy, enabling subtly biased recommendations on topics like health, finance, and security. Microsoft reports mitigations are in place and provides hunting queries and guidance for defenders.
read more →

Microsoft Adds Mobile-Style Permission Prompts to Windows

🔐 Microsoft will introduce smartphone-style permission prompts in Windows 11 to request user consent before apps access sensitive resources such as files, cameras, and microphones. The company is also launching a Windows Baseline Security Mode to enable runtime integrity safeguards by default while still permitting targeted overrides for specific apps. These changes are part of the Secure Future Initiative and will roll out in phases with developer, enterprise, and ecosystem feedback. Users and IT administrators will be able to view, grant, or revoke app permissions and will receive clearer prompts when apps attempt to install unwanted software or access protected data.
read more →

CISA Adds Six Microsoft Vulnerabilities to KEV Catalog

⚠️ CISA added six Microsoft-related vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on February 10, 2026, citing evidence of active exploitation. The entries include CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533, affecting Windows, MSHTML, and Office components. Federal agencies must remediate KEV entries under BOD 22-01, and CISA urges all organizations to prioritize patching to reduce exposure.
read more →

February 2026 Patch Tuesday: Six Zero-Days, Five Criticals

🚨 Microsoft’s February 2026 updates address 59 vulnerabilities, including six actively exploited zero-days and five Critical issues. CrowdStrike identified the Windows Remote Desktop elevation-of-privilege (CVE-2026-21533) and observed exploitation against U.S. and Canadian organizations; other zero-days affect MSHTML, Windows Shell, Microsoft Word, Desktop Window Manager and Remote Access Connection Manager. Three Critical Azure service flaws were remediated in-platform while two Critical issues in Azure confidential containers require customer patching. CrowdStrike recommends timely updates, compensating controls, expanded detection/hunting, and use of the Falcon Exposure Management dashboard to prioritize and mitigate risk.
read more →

Exchange Online flags legitimate emails as phishing

📧 Microsoft is investigating an ongoing Exchange Online issue that is mistakenly marking legitimate email messages as phishing and quarantining them. The problem began on February 5 and continues to disrupt customers' ability to send and receive mail. Microsoft traced the fault to a newly introduced URL rule that incorrectly classifies certain links as malicious. The company is releasing quarantined messages and working to unblock legitimate URLs while it completes remediation.
read more →

Top Customer Identity and Access Management (CIAM) Tools

🔐 CIAM platforms manage authentication, authorization, consent, and customer identity for public-facing applications. Analysts highlight six leading solutions — IBM Security Verify, LoginRadius, Microsoft Entra, Okta/Auth0, OneLogin, and Ping Identity — each balancing usability, extensibility, and security differently. Offerings range from turnkey, no-code deployments to developer-led, API-first systems and vary in native fraud analytics, FIDO2 support, consent-management capabilities, and integrations with BI/CRM ecosystems. Organizations should weigh marketing data needs, privacy compliance, and fraud protection when choosing a CIAM.
read more →

State-Linked 'Shadow Campaigns' Target 155 Countries

🕵️‍♂️ Palo Alto Networks' Unit 42 reports a state-sponsored threat actor tracked as TGR-STA-1030/UNC6619 has run global-scale "Shadow Campaigns," compromising at least 70 government and critical infrastructure organizations across 37 countries and conducting reconnaissance tied to 155 countries. The actor has been active since at least January 2024 and is assessed to operate from Asia. Initial access combined tailored phishing lures hosted on Mega.nz with exploitation of known flaws in SAP Solution Manager, Microsoft Exchange, D-Link, and Windows to deploy loaders such as Diaoyu. Victim environments were instrumented with Cobalt Strike, webshells, tunneling tools, and a bespoke Linux eBPF rootkit named ShadowGuard to hide activity and evade detection.
read more →

Microsoft to retire Exchange Online EWS API in 2027

🔔 Microsoft will retire the Exchange Web Services (EWS) API for Exchange Online on April 1, 2027, after nearly 20 years. Beginning October 1, 2026, Microsoft will block EWS by default; administrators can temporarily preserve access via tenant application allowlists if configured by the end of August 2026, and Microsoft will pre-populate allowlists for tenants that do not create their own. The retirement applies only to cloud-hosted Exchange; Microsoft recommends migrating integrations to the Microsoft Graph API, which now offers near feature parity for most scenarios.
read more →

Anthropic's Claude Opus 4.6 Available in Microsoft Foundry

🤖 Claude Opus 4.6 is now available in Microsoft Foundry on Azure, delivering Anthropic’s advanced reasoning and agent capabilities to enterprise workflows. The model supports a beta 1M-token context window, up to 128K output tokens, and new API controls including Adaptive Thinking and Context Compaction. Integrated with Foundry IQ and Azure governance, Opus 4.6 targets coding, knowledge work, finance, legal, cybersecurity, and multi-tool agent automation—helping teams move from experimentation to production while preserving compliance and operational control.
read more →

Microsoft supports Operation Winter SHIELD to close gaps

🔒 Microsoft is supporting Operation Winter SHIELD, a nine-week FBI-led effort beginning February 2, 2026, that shifts focus from guidance to practical implementation so organizations can operationalize controls that actually reduce risk. Microsoft will provide technical resources and platform-backed guardrails — including Baseline Security Mode — to enforce phish-resistant MFA, block legacy authentication, and surface unsupported systems. The initiative emphasizes secure-by-default configurations and automation to turn recommendations into enforceable protections and narrow the execution gap attackers exploit.
read more →

Microsoft Builds Scanner to Detect Backdoors in LLMs

🔍 Microsoft has developed a lightweight scanner to detect backdoors in open-weight large language models (LLMs) by evaluating three observable signals tied to internal model behavior. The tool extracts memorized content, isolates suspect substrings, and scores candidates with loss functions that formalize attention and output anomalies. The approach requires no additional training and runs across common GPT‑style models, but it needs access to model files and is best suited for trigger-based, deterministic backdoors.
read more →

Detecting Backdoored Language Models at Scale — Practical Scanner

🔍 Microsoft researchers released new findings and a practical scanner for detecting backdoors in open-weight language models. The study identifies three signatures — a distinctive “double triangle” attention pattern, leakage of poisoning training data through memorization, and trigger “fuzziness” — and uses them to reconstruct likely triggers without retraining. The scanner requires only forward passes, works on GPT-like models, and was validated across 270M–14B models and common fine-tuning regimes. The team notes limits: it needs model file access, favors deterministic backdoors, and should be used as part of layered defenses.
read more →

Microsoft Adds Native Sysmon to Windows 11 Preview Builds

🛡️ Microsoft has begun rolling out native Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. The built-in feature is disabled by default and requires uninstalling any Sysmon copies from the Sysinternals site before enabling the native implementation. Administrators can enable it via Settings or by running Dism, then complete installation with sysmon -i. Captured events are written to the Windows Event Log and support custom configuration files to filter telemetry.
read more →

Microsoft SDL Expands to Secure AI-Powered Systems

🔒 Microsoft’s SDL is expanding to secure AI-powered systems by treating AI risks as dynamic, cross-disciplinary challenges rather than a static checklist. The update highlights AI-specific threats—prompt injection, data poisoning, memory and cache leakage, and malicious tool interactions—and stresses the need for telemetry-driven detection and faster feedback loops. Microsoft emphasizes developer-friendly policy, automation, and collaborative threat modeling to integrate security into everyday engineering practice.
read more →

Microsoft Provides BitLocker Keys to FBI Under Orders

🔐 Microsoft has the technical ability to release BitLocker recovery keys to the FBI when presented with appropriate court orders, a capability reportedly exercised roughly twenty times per year. While users can keep recovery keys only on their own devices, Microsoft advises storing them on its servers for convenience. That cloud backup simplifies recovery after lost credentials or device lockouts but also makes keys accessible to law enforcement through subpoenas or warrants.
read more →

Microsoft January update shutdown bug affects more PCs

⚠️ Microsoft confirmed that a shutdown bug first reported on Windows 11 also affects Windows 10 devices with Virtual Secure Mode (VSM) enabled after recent January updates. The issue was initially tied to Windows 11 23H2 with KB5073455 and System Guard Secure Launch; emergency patches were issued shortly afterward. Affected users can temporarily force a shutdown using the command shutdown /s /t 0 while Microsoft prepares a broader fix.
read more →

Microsoft Begins Three-Stage NTLM Phase-Out Plan for Windows

🔒 Microsoft announced a three-stage plan to make NTLM disabled by default and move Windows environments to stronger, Kerberos-based authentication. Phase 1 (available now) introduces enhanced NTLM auditing to identify where legacy authentication is used. Phase 2 (pre-release) will address migration blockers with features such as IAKerb and a Local KDC and update core Windows components to prefer Kerberos (targeted H2 2026). Phase 3 will ship NTLM disabled by default in the next Windows Server and associated client, with policy controls to explicitly re-enable legacy behavior.
read more →

Microsoft fixes Windows 11 bug hiding password icon

🔒 Microsoft has resolved a Windows 11 sign-in issue that caused the password icon to disappear from lock screen options after installing August 2025 updates and later. Affected users with multiple sign-in methods could still sign in by hovering over the placeholder to reveal the hidden button. The fix is included in the optional January 2025 KB5074105 preview update released January 29; install via Settings > Windows Update or the Microsoft Update Catalog.
read more →

Microsoft to Disable NTLM by Default in Windows Releases

🔒 Microsoft announced it will disable NTLM network authentication by default in upcoming Windows Server and client releases, shifting systems toward Kerberos-based and passwordless authentication. The vendor outlined a three‑phase transition: Phase 1 provides enhanced auditing in Windows 11 24H2 and Windows Server 2025, Phase 2 (H2 2026) adds mitigation features such as IAKerb and a Local Key Distribution Center, and Phase 3 will block NTLM network authentication by default. The protocol will remain in the OS and can be re-enabled by policy where necessary.
read more →

Microsoft Fixes Outlook Bug Blocking Encrypted Emails

✅ Microsoft has issued a fix for a known issue that prevented Microsoft 365 customers from opening Encrypt Only messages in classic Outlook after a December update. Impacted users saw a message_v2.rpmsg attachment instead of readable content and a 'restricted permission' notice in the Reading Pane. Microsoft says the repair is available in the Beta Channel now and will roll to Current Channel and Current Channel Preview in February. Temporary workarounds are provided for users who cannot upgrade immediately.
read more →