< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 26 of 42

New e-book: Why point solutions hinder modern security

🔒 Microsoft’s new e-book, "3 reasons point solutions are holding you back", argues that fragmented security tools increase costs, slow investigations, and limit AI effectiveness. It advocates a unified, AI-ready security platform that consolidates telemetry, analytics, and automation across detection, response, exposure management, and cloud security. Learn how Microsoft Defender, Microsoft Sentinel, and Microsoft Security Copilot combine to improve MTTR, predictive defense, and operational efficiency.
read more →

OAuth Device Code Phishing Surges, Targeting Microsoft 365

🔐 Proofpoint has observed a sharp increase in phishing campaigns that abuse Microsoft's OAuth device code authorization flow to gain access to Microsoft 365 accounts. Attackers use social engineering — QR codes, embedded buttons and hyperlinks — to trick users into entering device codes on Microsoft's legitimate verification page, which yields valid access tokens. Readily available tools such as SquarePhish2 and Graphish have lowered the bar for both state-aligned and financially motivated actors.
read more →

Microsoft updates break Azure Virtual Desktop RemoteApp

⚠️ Microsoft has confirmed that recent Windows updates cause RemoteApp connection failures for Azure Virtual Desktop on Windows 11 24H2/25H2 and Windows Server 2025, triggered after the November 2025 non-security update KB5070311 or later. The issue affects RemoteApp streaming connections while full virtual desktop sessions remain functional and typically does not impact consumer Home or Pro devices. Microsoft advises a temporary mitigation — adding a registry DWORD (requires administrator privileges) and restarting the device — and has applied a Known Issue Rollback for Pro and Enterprise SKUs. Enterprise administrators can alternatively deploy the provided Group Policy MSI to apply the rollback centrally while Microsoft works on a permanent fix.
read more →

Microsoft warns MSMQ may fail after December update

⚠️ Microsoft warns a December security update (KB5071546) can cause MSMQ to become inactive in enterprise and clustered environments, disrupting applications that rely on queued messaging. Reported symptoms include IIS failures with resource errors, applications unable to write to queues, and misleading log entries about disk space. Microsoft says a workaround exists but directs admins to contact Support for Business; community responders have recommended temporarily granting write access to C:\Windows\System32\msmq or rolling back the update until an official fix is issued. Affected systems include Windows Server 2012/2012 R2/2016/2019 and several Windows 10 builds.
read more →

Zeroday Cloud: $320,000 awarded for 11 zero-days in London

🔒 The Zeroday Cloud competition in London, hosted by Wiz Research with support from AWS, Microsoft, and Google Cloud, awarded $320,000 to teams that demonstrated 11 zero-day remote code execution vulnerabilities. Exploits affected critical cloud components including Redis, PostgreSQL, MariaDB, Grafana, and a Linux-kernel container escape that broke tenant isolation. Team Xint Code earned the top prize of $90,000. Attempts against AI tooling such as vLLM and Ollama were made but failed due to time exhaustion.
read more →

Microsoft Named Leader in Gartner AI Application Platforms

🚀 Microsoft was named a Leader in the 2025 Gartner Magic Quadrant for AI Application Development Platforms and is positioned furthest for Completeness of Vision. The post presents Microsoft Foundry as a unified platform to build, deploy, and govern agentic AI—emphasizing secure grounding, multi-agent orchestration, observability, and cloud-to-edge model deployment. It also describes an agent-driven submission process that automated evidence collection and validation to improve accuracy and efficiency.
read more →

Microsoft advises admins to contact support over MSMQ bug

⚠ Microsoft has asked enterprise customers to contact support for guidance after a Message Queuing (MSMQ) change in recent December 2025 updates caused applications and IIS sites to fail. The bug, affecting Windows 10 22H2, Windows Server 2019, and 2016 systems with KB5071546/KB5071544/KB5071543 installed, alters NTFS permissions on C:\Windows\System32\MSMQ\storage, requiring write access and causing resource errors. Microsoft is investigating and advising businesses to seek tailored mitigations or consider rolling back updates.
read more →

Azure updates from Microsoft Ignite 2025 for partners

🔔 Microsoft announced a broad set of Azure updates at Ignite 2025 designed to help partners accelerate AI-first transformation and modernization. Key highlights include Azure Copilot (private preview) for ARM-driven agent automation, public previews of Foundry Control Plane, Foundry IQ and Fabric IQ, and the Microsoft Agent Factory program with streamlined P3 procurement. These capabilities emphasize governance, secure agent management, unified knowledge retrieval, and data-driven intelligence to reduce operational overhead and speed partner-led deployments.
read more →

Microsoft to Block Exchange Online for Outdated EAS

🔒 Microsoft will block mobile devices running outdated email software from connecting to Exchange Online if they use Exchange ActiveSync versions below 16.1, effective March 1, 2026. The change applies to native mobile email apps that rely on EAS and does not affect on-premises Exchange installations or users of Outlook Mobile, which uses a different sync method. Administrators can identify impacted devices with a provided PowerShell query and should coordinate updates with device and app vendors to avoid service disruption.
read more →

Microsoft named overall leader in GAD Leadership Compass

🛡️ Microsoft has been named an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense, highlighting its enterprise-ready security and governance capabilities for AI. The company emphasizes embedding security across AI apps, agents, platforms, and infrastructure using an identity-first, defense-in-depth approach. Key controls include Entra Agent ID, Microsoft Purview for real-time DLP and classification, Microsoft Defender for runtime protection, and governance tools such as Agent365 and Foundry. Built-in compliance support aligns with frameworks like EU AI Act, NIST AI RMF, and ISO 42001.
read more →

Recent Windows Updates Disrupt VPN Access for WSL Enterprise

🔧 Microsoft warns that recent Windows 11 updates, starting with the KB5067036 October 28, 2025 non-security update and including later releases such as KB5072033, can break VPN networking for enterprise users running WSL with mirrored mode enabled. Affected users report "No route to host" errors inside WSL because some third-party VPN virtual interfaces (for example OpenVPN and Cisco Secure Client) do not respond to ARP requests and so fail to resolve IP-to-MAC mappings. Microsoft is investigating the issue but has not provided a workaround or ETA for a fix.
read more →

Microsoft Expands Bug Bounty with 'In Scope by Default'

🛡️ Microsoft unveiled a new security policy, In Scope by Default, at Black Hat Europe to expand its bug-bounty coverage to any critical vulnerabilities that demonstrably affect its online services. The program covers Microsoft-managed code as well as third-party and open source components when no existing bounty exists. Researchers submit reports via Microsoft’s coordinated disclosure platform under defined rules that permit broad red-team testing while prohibiting credential access, phishing, and excessive DoS.
read more →

Microsoft December Updates Break Message Queuing Functionality

⚠️ Microsoft has confirmed that its December 2025 security updates are breaking Message Queuing (MSMQ) on affected systems. Machines with KB5071546, KB5071544, or KB5071543 installed — including Windows 10 22H2, Windows Server 2019, and Windows Server 2016 — can experience inactive queues, IIS sites failing with 'insufficient resources', and applications unable to write to queues. Microsoft attributes the failures to security model and NTFS permission changes that require MSMQ users to have write access to C:\Windows\System32\MSMQ\storage; a timeline for a fix has not been provided.
read more →

The Best XDR Tools: Top Extended Detection Platforms

🔒Extended Detection and Response (XDR) platforms combine elements of SIEM, EDR and SOAR to deliver unified visibility, real-time threat detection and automated response across endpoints, networks and cloud environments. The article outlines evaluation criteria — integration with existing investments, policy and rule management, and usability/training — and notes subscription pricing and staffing as primary cost considerations. It then lists prominent XDR offerings from vendors such as Bitdefender, CrowdStrike, Microsoft and others.
read more →

Microsoft Moves to 'In Scope by Default' for Vulnerabilities

🔒 Microsoft has shifted to 'In Scope by Default', making any critical vulnerability with a demonstrable impact on its online services—whether in Microsoft-owned code, third-party components, or open-source—eligible for bounty awards. Announced at Black Hat Europe, the policy expands eligibility across Microsoft domains and cloud services and invites coordinated disclosure under agreed rules of engagement. The company says the change aims to incentivize research on the highest-risk areas, while established Rules of Engagement prohibit credential misuse, phishing, disruptive DoS testing, and other harmful methods.
read more →

Microsoft Bounty Program Now Covers All Service Flaws

🔒 Microsoft will now pay bounties for critical vulnerabilities that directly impact any of its online services, whether the flawed code is Microsoft-owned, third-party, or open source. Announced by Tom Gallagher at Black Hat Europe, the change makes all current and newly launched Microsoft online services in-scope by default. The move aims to steer researcher attention to high-risk areas and accelerate remediation. Microsoft said it paid over $17 million to security researchers in the past year.
read more →

ConsentFix attack hijacks Microsoft accounts via Azure CLI

🔒 A new variant of the ClickFix social‑engineering technique, called ConsentFix, abuses the Azure CLI OAuth flow to hijack Microsoft accounts without passwords or MFA. Discovered by Push Security, the campaign lures targets via compromised high‑ranking websites and a fake Cloudflare Turnstile CAPTCHA to filter victims. The attack captures an OAuth authorization code returned to a localhost redirect and instructs the user to paste the URL, enabling the attacker to exchange the code for an Azure CLI access token and take control of the account.
read more →

Microsoft Fixes Explorer White Flashes in Dark Mode

⚠️Microsoft has issued a fix for a known bug that caused File Explorer to briefly flash white when launched or navigated in dark mode after installing the optional KB5070311 update. The behavior also occurred when opening a new tab, toggling the Details pane, selecting 'More details' during file copy, or moving to/from Home or Gallery. Microsoft says the December cumulative KB5072033 update resolves the issue and includes related stability and PowerShell warnings.
read more →

Microsoft Teams adds alerts for suspicious external traffic

🔔 Microsoft is introducing an External Domains Anomalies Report for Microsoft Teams to analyze messaging trends and surface suspicious interactions with external domains. The tool will flag sharp spikes in activity, communications with new domains, and abnormal engagement patterns to give administrators early visibility into potential data-sharing or security risks. Microsoft plans a worldwide rollout to standard multi-tenant web environments in February 2026, though licensing implications remain unspecified. The change complements other Teams protections such as malicious-link warnings, false-positive reporting, meeting screen-capture blocking, and desktop performance improvements.
read more →

Microsoft Patches Three Zero-Days Including Kernel EoP

⚠️ Microsoft has released patches for three zero-day vulnerabilities in its December update, including an actively exploited kernel elevation-of-privilege in the Windows Cloud Files Mini Filter Driver (CVE-2025-62221). Two additional zero-days—an RCE in PowerShell (CVE-2025-54100) and an RCE in GitHub Copilot for JetBrains (CVE-2025-64671)—were publicly disclosed but not observed in the wild. Security experts warn attackers could chain the kernel flaw with other exploits to achieve full system or domain compromise.
read more →