< ciso brief />

All news with #microsoft tag


Microsoft emergency Windows 10 update fixes ESU enrollment

🔧 Microsoft released an out‑of‑band update (KB5071959) to address a Windows 10 Consumer ESU enrollment failure that could cause the ESU wizard to abort. Once the update is installed and the device is rebooted, affected systems should be able to complete ESU enrollment and resume receiving Extended Security Updates via Windows Update. Microsoft flagged the patch as a security update for non‑enrolled devices to restore access to essential fixes.

Microsoft November 2025 Patch Tuesday: 63 Vulnerabilities

🔒 Microsoft released its November 2025 Patch Tuesday addressing 63 vulnerabilities across Windows, Office, Visual Studio and other components, including five labeled Critical. One important kernel elevation flaw, CVE-2025-62215, has been observed exploited in the wild. Critical issues include RCE in GDI+, Office, and Visual Studio, plus a DirectX elevation-of-privilege; Microsoft rates several as less likely to be exploited. Cisco Talos published Snort and Snort 3 rules and advises customers to apply updates and rule packs promptly.

Microsoft Secure Future Initiative — November 2025 Report

🔐 Microsoft’s November 2025 progress report on the Secure Future Initiative outlines governance expansion, engineering milestones, and product hardening across Azure, Microsoft 365, Windows, Surface, and Microsoft Security. The update highlights measurable gains — a nine-point rise in security sentiment, 95% employee completion of AI-attack training, 99.6% phishing-resistant MFA enforcement, and 99.5% live-secrets detection and remediation. It also introduces AI-first security capabilities, new detections, and 10 actionable SFI patterns to help customers improve posture.

Whisper Leak side channel exposes topics in encrypted AI

🔎 Microsoft researchers disclosed a new side-channel attack called Whisper Leak that can infer the topic of encrypted conversations with language models by observing network metadata such as packet sizes and timings. The technique exploits streaming LLM responses that emit tokens incrementally, leaking size and timing patterns even under TLS. Vendors including OpenAI, Microsoft Azure, and Mistral implemented mitigations such as random-length padding and obfuscation parameters to reduce the effectiveness of the attack.

Windows 11 Start Menu Redesigned with Scrollable All Apps

🔔 The Windows 11 Start menu has received its first major redesign since 2021 and is rolling out with the November 11 Patch Tuesday update. The new Start is scrollable and places the All apps list on the main screen, offering a categorized view (groups built locally from a JSON file) and a classic A‑to‑Z grid. The UI adapts column counts to screen size, lets you hide the Recommended feed via Settings > Personalization > Start, and is included in Build 26200.7019 and 26100.7019 or newer, though it may not be enabled immediately after updating.

Still on Windows 10? Enroll in Free ESU Before Patch Tuesday

🛡️ If you’re still running Windows 10, enroll in Microsoft’s Extended Security Updates (ESU) program before the next Patch Tuesday to continue receiving security fixes. Consumers can get one year of ESU for free by signing into a Microsoft account and enabling Windows settings backup, or alternatively pay $30 or redeem 1,000 Microsoft Rewards points. Enrollment is available via Settings > Update & Security > Windows Update and should confirm coverage through October 13, 2026.

Microsoft tests faster Quick Machine Recovery in Windows 11

🔁 Microsoft is testing a faster version of Quick Machine Recovery (QMR) in Windows 11 that runs a one‑time scan in the Windows Recovery Environment to more quickly identify and apply fixes for systems that fail to boot. When WinRE launches QMR, it connects to the internet to upload crash data so administrators can remove problematic updates or adjust settings remotely. The update also lets administrators and users toggle Smart App Control from Windows Security without performing a clean OS install, and is currently available to Insiders on Dev and Beta via Build 26220.7070 (KB5070300).

Malicious Ransomvibe Extension Found in VSCode Marketplace

⚠️ A proof-of-concept ransomware strain dubbed Ransomvibe was published as a Visual Studio Code extension and remained available in the VSCode Marketplace after being reported. Secure Annex analysts found the package included blatant indicators of malicious functionality — hardcoded C2 URLs, encryption keys, compression and exfiltration routines — alongside included decryptors and source files. The extension used a private GitHub repository as a command-and-control channel, and researchers say its presence highlights failures in Microsoft’s marketplace review process.

How CISOs Can Learn from ERP Migration Lessons - Practical

🔒 Many large enterprises deploy 40–80 distinct security tools, creating data silos, integration headaches and alert fatigue. Vendors such as Cisco, CrowdStrike and Microsoft are responding with integrated platform bundles that centralize cloud, email, endpoint, network, SIEM and threat intelligence. Drawing on the pitfalls of 1990s ERP migrations—data incompatibility, heavy customization and neglected organizational change—the article offers five practical tips for CISOs: secure executive buy-in, prioritize people over tech, phase implementations, build a modern data pipeline and use the move to streamline processes.

Malicious VS Code Extension and Trojanized npm Packages

⚠️ Researchers flagged a malicious Visual Studio Code extension named susvsex that auto-zips, uploads and encrypts files on first launch and uses GitHub as a command-and-control channel. Uploaded on November 5, 2025 and removed from Microsoft's VS Code Marketplace the next day, the package embeds GitHub access tokens and writes execution results back to a repository. Separately, Datadog disclosed 17 trojanized npm packages that deploy the Vidar infostealer via postinstall scripts.

Susvsex Ransomware Test Published on VS Code Marketplace

🔒 A malicious VS Code extension named susvsex, published by 'suspublisher18', was listed on Microsoft's official marketplace and included basic ransomware features such as AES-256-CBC encryption and exfiltration to a hardcoded C2. Secure Annex researcher John Tuckner identified AI-generated artifacts in the code and reported it, but Microsoft did not remove the extension. The extension also polled a private GitHub repo for commands using a hardcoded PAT.

Lessons from ERP Failures for Security Platformization

🔐 CISOs are urged to learn from 1990s ERP migrations as they evaluate vendor-led security platforms from Cisco, CrowdStrike, Microsoft, Palo Alto Networks and others. Research shows many enterprises run 40–80 discrete security tools, driving silos, integration headaches, and alert fatigue. The article warns that platformization can repeat ERP mistakes—data inconsistency, excessive customization, political resistance, and costly timelines—and recommends executive sponsorship, phased implementations, a modern data pipeline, team retraining, and process reengineering to succeed.

Leading Bug Bounty Programs and Market Shifts 2025

🔒 Bug bounty programs remain a core component of security testing in 2025, drawing external researchers to identify flaws across web, mobile, AI, and critical infrastructure. Leading platforms like Bugcrowd, HackerOne, Synack and vendors such as Apple, Google, Microsoft and OpenAI have broadened scopes and increased payouts. Firms now reward full exploit chains and emphasize human-led reconnaissance over purely automated scanning. Programs also support regulatory compliance in critical sectors.

Microsoft to Remove Office Sandbox MDAG from Enterprise

🔒 Microsoft confirmed that Microsoft Defender Application Guard (MDAG) for Office will be removed from enterprise Office builds, with phased removal beginning in 2026 and final cut-offs through 2027. MDAG used Hyper‑V sandboxing to isolate malicious Office documents but incurred slower load times and carried sandbox escape risks. Microsoft advises enabling Attack Surface Reduction (ASR) rules and Windows Defender Application Control (WDAC), and reviewing any automation, workflows, or SIEM integrations that depended on MDAG’s isolation logs.

Windows 11 Store adds Ninite-style multi-app installer

🧰 The Microsoft Store web now enables Windows 11 users to create a Ninite-style multi-app installer that downloads and installs multiple apps from a single executable. Users can select apps on the Store website and click Install selected, which generates a background installer to run the installs. The capability currently works only in the Store web, is limited to a curated set of 64 apps, and restricts packages to 16 apps per download to avoid overwhelming Store servers.

October Windows Updates Can Trigger BitLocker Recovery

🔒 Microsoft warned that installing Windows security updates released on or after October 14, 2025 can cause some systems to boot into BitLocker recovery, prompting users to enter their recovery key on first restart. The issue mainly affects Intel devices that support Connected Standby (Modern Standby) and occurs during restart or startup on Windows 11 24H2/25H2 and Windows 10 22H2. Microsoft says devices should boot normally after the key is entered and offers a Group Policy mitigation via Known Issue Rollback (KIR), with affected customers advised to contact Microsoft Support for Business.

Microsoft Expands Sovereign Cloud Capabilities, EU Focus

🛡️ Microsoft announced expanded sovereign cloud offerings aimed at helping governments and enterprises meet regulatory and resilience requirements across Europe and beyond. The update includes end-to-end AI data processing within an EU Data Boundary, expanded Microsoft 365 Copilot in-country processing to 15 countries and additional rollouts through 2026, plus a refreshed Sovereign Landing Zone for simplified deployment of sovereign controls. Azure Local gains increased scale, external SAN support, and NVIDIA RTX Pro 6000 Blackwell GPUs for high-performance on-prem AI, along with planned disconnected operations. A new Digital Sovereignty specialization gives partners a way to validate and badge their sovereign-cloud expertise.

Anyscale's Managed Ray on Azure for Distributed AI

🚀 Microsoft and Anyscale announced a private preview bringing Anyscale’s managed Ray to Azure, enabling developers to run distributed Python AI/ML workloads with native Azure integration. The service leverages the RayTurbo runtime and Azure Kubernetes Service (AKS) to provide elastic scaling, GPU packing, spot VM support, and enhanced observability. It aims to simplify scaling from prototype to production and reduce operational overhead.

Microsoft to Remove Defender Application Guard from Office

🔒 Microsoft will remove Defender Application Guard for Office (MDAG) from supported Office builds beginning with version 2602 in early February 2026 and expects full removal with version 2612 by mid‑2027. Files that previously opened in Application Guard will open in Protected View instead. Microsoft recommends enabling Defender for Endpoint ASR rules and Windows Defender Application Control to preserve protections; no admin action is required to trigger the removal.

Generative AI for SOCs: Accelerating Detection and Response

🔒 Microsoft describes how generative AI, exemplified by Microsoft Security Copilot, addresses common SOC challenges such as alert fatigue, tool fragmentation, and analyst burnout. The post highlights AI-driven triage, rapid incident summarization, and automated playbooks that accelerate containment and remediation. It emphasizes proactive threat hunting, query generation to uncover lateral movement, and simplified, audience-ready reporting. Organizations report measurable improvements, including a 30% reduction in mean time to resolution.