<ciso brief />

All news with #microsoft tag

721 articles · page 22 of 37

Microsoft bug in Microsoft 365 licensing blocks downloads

⚠️ Microsoft is investigating a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage, with failures reported since November 2. The company says a recent service update introduced a code defect affecting the license check process, and it has tagged the situation as an incident. A fix has been developed and is being validated in Microsoft's internal environment, and the company promised an update on deployment timing by 6:30 PM UTC. Microsoft is also addressing a separate issue causing some users to be unable to open Excel attachments in the new Outlook client due to filename encoding errors.

Microsoft Quietly Patches Long-Exploited Windows LNK Bug

🔒 Microsoft has quietly fixed CVE-2025-9491, a Windows Shortcut (.LNK) UI misinterpretation flaw that enabled remote code execution and has been abused since 2017 by multiple state-affiliated and criminal groups. The change, deployed in November 2025, forces the Properties dialog to display the full Target command string regardless of length, removing the truncation that hid malicious arguments. Vendors including 0patch and ACROS Security noted alternative mitigations — a UI change by Microsoft and a warning-based micropatch — that together reduce user exposure.

Microsoft mitigates Windows LNK zero-day exploited widely

🔒 Microsoft has quietly mitigated a high-severity Windows LNK vulnerability tracked as CVE-2025-9491, which attackers used to hide malicious command-line arguments inside .lnk files. The flaw relied on padding the Target field, because Windows previously masked arguments beyond 260 characters, enabling persistence and malware delivery. Microsoft’s November update now shows the full Target string in Properties but does not remove malicious arguments or warn users. An unofficial 0patch micropatch limits target strings and warns on unusually long values.

AI Security Posture Management: A Practical Buyer's Guide

🔒 AI-SPM is emerging to protect AI/ML pipelines, cloud-hosted models and large datasets without moving data. The guide outlines core capabilities — agentless access, data classification, pipeline protection, model monitoring and compliance checks — and summarizes offerings from vendors such as Cyera, LegitSecurity, Microsoft, Orca and Palo Alto Networks. It also advises reviewing standards like MITRE ATLAS and OWASP LLM when evaluating tools.

Mistral Large 3 Now Available in Microsoft Foundry

🚀 Microsoft has added Mistral Large 3 to Foundry on Azure, offering a high-capability, Apache 2.0–licensed open-weight model optimized for production workloads. The model focuses on reliable instruction following, extended-context comprehension, strong multimodal reasoning, and reduced hallucination for enterprise scenarios. Foundry packages unified governance, observability, and agent-ready tooling, and allows weight export for hybrid or on-prem deployment.

Microsoft Defender portal outage disrupts XDR access

⚠️ Microsoft is mitigating an ongoing incident affecting the Defender XDR portal that began roughly 10 hours ago and was first acknowledged at 06:10 UTC. The outage stemmed from a traffic spike that drove high CPU utilization on components responsible for portal functions, blocking access and disrupting features such as advanced threat-hunting alerts and device visibility. Microsoft applied mitigation to increase processing throughput and reports partial recovery for some customers while it analyzes HAR traces and coordinates client-side diagnostics with impacted organizations.

Ten Years of Microsoft and Red Hat: Open Innovation

🚀 Over the past decade Microsoft and Red Hat have built a strategic partnership centered on open source and enterprise cloud innovation. Together they delivered offerings such as Red Hat Enterprise Linux on Azure and Azure Red Hat OpenShift, combining managed services, integrated support, and Marketplace availability. At Ignite 2025 the collaboration brought GA of OpenShift Virtualization and Confidential Containers, enabling VMs and hardware-isolated containers to run side-by-side for modernization and secure workloads.

KB5070311 Causes Explorer to Flash White in Dark Mode

⚠️ Microsoft confirmed that the KB5070311 preview update can cause a brief bright white flash when launching File Explorer in dark mode on Windows 11 systems. The behavior is also triggered when navigating to or from Home or Gallery, creating a new tab, toggling the Details pane, or selecting 'More details' while copying files. Microsoft says it is working on a solution but has not provided a timeline; affected users are advised to disable dark mode as a temporary workaround.

Windows 11 KB5070311 Preview Fixes Explorer Freezes

🔧 Microsoft has published the optional KB5070311 preview cumulative update for Windows 11, delivering 49 non-security fixes and quality improvements. The November preview resolves an explorer.exe and taskbar hang triggered by certain notifications, corrects File Explorer search issues affecting some SMB shares, and addresses an LSASS access-violation instability. Install via Settings → Windows Update or download from the Microsoft Update Catalog; this update advances 25H2 and 24H2 builds to 26200.7309 and 26100.7309 respectively.

Microsoft: New Outlook Fails to Open Some Excel Attachments

🔧 Microsoft is addressing a bug that prevents some users from opening Excel email attachments in the new Outlook client when filenames contain non‑ASCII characters. The company says the root cause is a missing encoding in the file‑open requests and that a fix has been developed and deployed for validation. While the rollout is still in progress, affected users are advised to use Outlook on the web or download the file to open it locally as a temporary workaround.

Windows updates hide password icon on lock screen issue

🔒 Microsoft warned that updates to Windows 11 released since August may make the password sign‑in icon invisible on the lock screen for systems with multiple sign‑in options. The button remains functional — hovering over the blank space reveals the password control. The issue is tied to the non‑security preview KB5064081 and later releases on 24H2/25H2. Microsoft has provided no timeline for a fix and offers no workaround beyond the hover action.

Microsoft Teams guest access can bypass Defender protections

⚠️ Researchers warn a cross-tenant blind spot in Microsoft Teams can allow attackers to sidestep Microsoft Defender for Office 365 when users accept guest access in another tenant. Protections follow the hosting tenant, not the user's home organization, enabling attackers to create protection-free malicious tenants using low-tier licenses. Organizations should restrict B2B invitations, enable cross-tenant access controls, and train users to reject unsolicited guest invites.

Microsoft to Block Unauthorized Scripts in Entra ID

🔒 Microsoft will update its Content Security Policy to block unauthorized script injection during browser-based Entra ID sign-ins at login.microsoftonline.com. The policy will permit script downloads only from Microsoft-trusted CDN domains and allow inline execution solely from trusted Microsoft sources. Rolled out globally in mid-to-late October 2026 under the Secure Future Initiative, the change excludes Microsoft Entra External ID. Organizations should test sign-in flows and avoid browser extensions or tools that inject code to prevent authentication friction.

ToddyCat toolkit pivots to Outlook and Microsoft tokens

🔒 Kaspersky researchers report that ToddyCat updated its toolkit in late 2024 and early 2025 to target Outlook email data and Microsoft 365 access via OAuth 2.0 tokens. Previously known for compromising internet-facing Microsoft Exchange servers, the group now uses a C++ utility, TCSectorCopy, to copy OST files and parses them with XstReader to read full email archives. When browser-based token extraction was blocked, attackers deployed ProcDump to dump tokens from Outlook memory. Kaspersky released IOCs and technical details to support detection and response.

Microsoft Teams guest chat exposes cross-tenant blind spot

🔒 Security researchers warn that a cross-tenant collaboration design in Microsoft Teams can cause a user's Defender for Office 365 protections to be dropped when they accept a guest invitation and join another tenant. The default-enabled feature MC1182004 (chat with any email) lowers the bar for attackers to spin up hostile tenants and deliver links or files that bypass URL scanning, Safe Links, file sandboxing and zero-hour auto purge. Administrators are advised to treat guest access as a trust boundary: restrict B2B invites to vetted domains, enforce Entra ID cross-tenant policies, and disable the 'chat with Anyone' capability where appropriate.

Hardening Microsoft Exchange SE for 2026 and Beyond

🔒 The article by Stan Kaminsky summarizes practical hardening steps for on-premises Microsoft Exchange, emphasizing that Exchange Server Subscription Edition (Exchange SE) will be the only supported on-premises option in 2026 following the end of support for Exchange Server 2019. It outlines common attacker techniques — from password spraying and web shells to mail-flow rule abuse — and highlights immediate actions like migrating to Exchange SE or obtaining Extended Security Updates, applying regular Cumulative Updates, and enabling the Emergency Mitigation service. Recommendations also cover baseline configuration, EDR/EPP deployment, modern authentication, Kerberos adoption, TLS and HSTS, administrative access controls, PowerShell stream signing and protections for forged mail headers.

Microsoft: FIDO2 Security Keys May Require PIN on Windows

🔒 Microsoft warned that FIDO2 security keys may prompt users to create or enter a PIN after Windows updates beginning with the September 29, 2025 KB5065789 preview. This behavior affects devices running Windows 11 24H2 or 25H2 when a Relying Party or identity provider requests User Verification set to preferred. Microsoft says the change is intentional to align with the WebAuthn specification, which requires PIN setup when authenticators support user verification. Organizations that want to avoid PIN prompts can set user verification to discouraged in their WebAuthn settings.

Microsoft hardens Entra ID sign-ins against script injection

🔒 Microsoft will strengthen the Entra ID browser sign-in experience starting mid-to-late October 2026 by enforcing a stricter Content Security Policy that permits scripts only from Microsoft-trusted CDN domains and approved inline sources. The change applies to sign-ins at login.microsoftonline.com; Microsoft Entra External ID is not affected. Administrators should test sign-in flows, remove code-injecting extensions and review developer-console violations to identify and address dependencies before the rollout.

ToddyCat APT Targets Outlook Archives and M365 Tokens

🔒 Kaspersky Labs reports that the ToddyCat APT refined its toolkit in late 2024 and early 2025 to harvest Outlook offline archives and Microsoft 365 OAuth tokens in addition to browser credentials. New PowerShell and C++ components — notably TomBerBill and TCSectorCopy — copy browser artifacts and sector‑level OST files while attackers also attempt in‑memory token grabs from Outlook processes to maintain persistent access.

Exchange Online outage prevents classic Outlook access

⚠️ Microsoft is investigating an Exchange Online outage (incident EX1189820) preventing customers from accessing mailboxes via the classic Outlook desktop client, with reports of server connection and login failures. The company says impact is specific to users in Asia Pacific and North America and has classified the event as an incident in the admin center. As a workaround, affected users are advised to use Outlook on the Web while Microsoft analyzes the issue.