< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 27 of 42

Microsoft Patches 56 Flaws Including Active Zero-Days

🛡️ Microsoft released December 2025 patches addressing 56 Windows vulnerabilities, three rated Critical and 53 Important. The update fixes 29 privilege-escalation flaws, 18 remote code execution bugs and other defects, and includes two zero-days and one actively exploited use-after-free (CVE-2025-62221) in the Cloud Files Mini Filter Driver. Administrators are urged to prioritize the KEV-listed fix and follow vendor guidance for mitigation and monitoring.
read more →

December Patch Tuesday: Active Windows Cloud Files Zero Day

🚨 Microsoft’s December Patch Tuesday delivers 57 fixes, but an actively exploited zero-day in Windows Cloud Files Mini Filter Driver (CVE-2025-62221) requires immediate remediation. The flaw is a low-complexity use-after-free escalation-of-privilege that can enable a local foothold to become full system compromise. Security teams should prioritize this patch, enforce least-privilege controls, and enhance monitoring where rapid patching isn't possible.
read more →

Microsoft Patch Tuesday December 2025: 57 Vulnerabilities

🛡️ Microsoft released its December 2025 Patch Tuesday addressing 57 vulnerabilities, two labeled as critical and the remainder as important. Cisco Talos notes Microsoft assessed exploitation of the two critical issues as less likely, while several important flaws are considered more likely to be attacked. Talos published Snort and Snort 3 rules to detect exploitation attempts and recommends updating firewall SRUs and applying vendor patches promptly.
read more →

Microsoft Patch Tuesday — December 2025 Security Fixes

🛡️ Microsoft released its final Patch Tuesday of 2025, addressing 56 vulnerabilities including one actively exploited zero-day, CVE-2025-62221, and two publicly disclosed bugs. The zero-day is a privilege escalation in the Windows Cloud Files Mini Filter Driver, a core component used by cloud sync services such as OneDrive. Three flaws received Microsoft’s Critical rating, including two Office bugs exploitable via Outlook’s Preview Pane. Administrators should prioritize updates for the flagged privilege escalation issues and apply patches promptly.
read more →

Windows PowerShell Warns When Invoke-WebRequest Runs

⚠ Windows PowerShell 5.1 now displays a security confirmation when using Invoke-WebRequest to fetch web pages, warning that scripts in a downloaded page might run during parsing. The change, delivered with update KB5074204, mitigates a high-severity RCE tracked as CVE-2025-54100 and brings safer parsing behavior from PowerShell 7. Microsoft recommends rerunning commands with the -UseBasicParsing switch or updating automation to include it. Note that the 'curl' alias maps to Invoke-WebRequest and will trigger the same prompt.
read more →

Microsoft issues KB5071546 ESU update for Windows 10

🔒 Microsoft has released the KB5071546 extended security update for Windows 10 Enterprise LTSC and systems enrolled in the ESU program, addressing 57 security vulnerabilities including three zero-days. The mandatory patch updates Windows 10 to build 19045.6691 (LTSC 2021 to 19044.6691) and installs automatically, requiring a restart. Notably, it fixes a remote code execution zero-day in PowerShell (CVE-2025-54100) by adding a confirmation prompt and guidance to use -UseBasicParsing with Invoke-WebRequest to avoid parsing embedded scripts.
read more →

Microsoft December 2025 Patch Tuesday: 57 Fixes, 3 Zero-Days

🔒 Microsoft's December 2025 Patch Tuesday delivers fixes for 57 vulnerabilities, including three zero-day flaws — one actively exploited and two publicly disclosed. The update addresses 19 remote code execution, 28 elevation of privilege, four information disclosure, three denial of service, and two spoofing issues across Windows, PowerShell, Office, Exchange Server and drivers. Administrators should prioritize the actively exploited CVE-2025-62221 and apply vendor patches promptly.
read more →

Windows 11 KB5072033 & KB5071417 Patch Tuesday December 2025

🔔 Microsoft released cumulative updates KB5072033 (25H2/24H2) and KB5071417 (23H2) as the December 2025 Patch Tuesday rollup. The mandatory updates include security fixes, bug patches, and new or enhanced features such as improved File Explorer dark mode, Virtual Workspaces advanced settings, and expanded Full‑Screen Experience for handheld devices. Install via Settings > Windows Update or the Microsoft Update Catalog; features will roll out gradually.
read more →

Changing the Physics of Cyber Defense with Graphs Today

🔍 John Lambert of MSTIC argues defenders should model infrastructure as directed graphs of credentials, entitlements, dependencies and logs so they can trace the attacker’s “red thread.” He introduces the algebras of defense—graphs, relational tables, anomalies, and vectors over time—that let analysts and AI ask domain-specific questions like blast radius or path to crown jewels. Lambert also emphasizes preventative hygiene: asset and entitlement management, deprecating legacy systems, segmentation, and phishing-resistant MFA. He urges collaborative intelligence and AI-enabled tooling to shift advantage back to defenders.
read more →

Malicious VS Code Extensions and Supply‑Chain Packages

🔒 Security researchers uncovered malicious extensions on the Microsoft Visual Studio Code Marketplace that delivered stealer malware while posing as a dark theme and an AI assistant. Koi Security reported the extensions downloaded additional payloads, captured screenshots, and siphoned emails, Slack messages, Wi‑Fi passwords, clipboard contents and browser sessions to attacker servers. Microsoft removed the packages in early December 2025 after investigators linked them to a publisher using multiple similarly named packages.
read more →

December 2025 Patch Tuesday: One Zero-Day, 57 CVEs Addressed

🔔 Microsoft’s December 2025 Patch Tuesday addresses 57 CVEs, including one actively exploited Important zero‑day in the Windows Cloud Files Mini Filter Driver and two publicly disclosed Important zero‑days impacting GitHub Copilot for JetBrains and PowerShell. Two Critical RCE flaws in Microsoft Office increase urgency for enterprise patching and remediation. Organizations should prioritize applying Microsoft fixes, adopt layered mitigations where patches are delayed, and use CrowdStrike Falcon dashboards to track affected assets and remediation progress.
read more →

Malicious VSCode Extensions on Marketplace Drop Infostealers

🛡️ Two malicious Visual Studio Code extensions on Microsoft's Marketplace, Bitcoin Black and Codo AI, were found delivering an information-stealing payload that can capture screenshots, harvest credentials and crypto wallets, and hijack browser sessions. Published under the developer name 'BigBlack', Codo AI remained live with under 30 downloads at the time of reporting while Bitcoin Black showed a single install. Researchers at Koi Security observed that Bitcoin Black uses a wildcard activation and executes PowerShell or a hidden batch script to download a DLL and executable that leverage DLL hijacking to run the infostealer as 'runtime.exe'.
read more →

Microsoft and Beazley Partner to Strengthen Cyber Resilience

🤝 Microsoft announced a collaboration with Beazley that designates Microsoft Incident Response as an approved incident response provider for Beazley’s InfoSec and Media Tech policies. This alignment brings technical responders, insurers, brokers, and legal counsel together to accelerate detection, containment, and recovery. Microsoft Incident Response, supported by Microsoft Threat Intelligence and direct engineering access, offers streamlined invoicing aligned to insurance standards. Eligible incident response services used during a cyber event are considered reimbursable, helping customers secure faster claims and recovery.
read more →

Microsoft named Leader in 2025 Gartner Email Security

🔒 Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant for Email Security, recognizing advances in Microsoft Defender for Office 365. The announcement highlights agentic AI innovations and automated workflows—including an agentic email grading system and the Microsoft Security Copilot Phishing Triage Agent—that reduce manual triage and speed investigations. Microsoft also cites new protections like email bombing detection and expanded coverage across collaboration surfaces such as Microsoft Teams, while committing to greater transparency through in-product benchmarking and reporting.
read more →

Four Immediate Cybersecurity Priorities for Organizations

🔒 In this Deputy CISO blog, Damon Becknel, Microsoft’s VP and Deputy CISO for Regulated Industries, outlines four immediate priorities organizations should act on now. He emphasizes reinforcing essential cyber hygiene—accurate asset inventories, network segmentation, timely patching, MFA, EDR, and proxying email and web traffic—as the most effective means to reduce common intrusions. Becknel also urges adoption of modern standards like phishing-resistant MFA, secure DNS and DMARC, deployment of fingerprinting to track bad actors, and active cross-industry collaboration to share threat signals and raise the cost of attack.
read more →

Microsoft bug in Microsoft 365 licensing blocks downloads

⚠️ Microsoft is investigating a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage, with failures reported since November 2. The company says a recent service update introduced a code defect affecting the license check process, and it has tagged the situation as an incident. A fix has been developed and is being validated in Microsoft's internal environment, and the company promised an update on deployment timing by 6:30 PM UTC. Microsoft is also addressing a separate issue causing some users to be unable to open Excel attachments in the new Outlook client due to filename encoding errors.
read more →

Microsoft Quietly Patches Long-Exploited Windows LNK Bug

🔒 Microsoft has quietly fixed CVE-2025-9491, a Windows Shortcut (.LNK) UI misinterpretation flaw that enabled remote code execution and has been abused since 2017 by multiple state-affiliated and criminal groups. The change, deployed in November 2025, forces the Properties dialog to display the full Target command string regardless of length, removing the truncation that hid malicious arguments. Vendors including 0patch and ACROS Security noted alternative mitigations — a UI change by Microsoft and a warning-based micropatch — that together reduce user exposure.
read more →

Microsoft mitigates Windows LNK zero-day exploited widely

🔒 Microsoft has quietly mitigated a high-severity Windows LNK vulnerability tracked as CVE-2025-9491, which attackers used to hide malicious command-line arguments inside .lnk files. The flaw relied on padding the Target field so Windows previously masked arguments beyond 260 characters, enabling persistence and malware delivery. Microsoft’s November update now shows the full Target string in Properties but does not remove malicious arguments or warn users. An unofficial 0Patch micropatch limits target strings and warns on unusually long values.
read more →

AI Security Posture Management: A Practical Buyer's Guide

🔒 AI-SPM is emerging to protect AI/ML pipelines, cloud-hosted models and large datasets without moving data. The guide outlines core capabilities — agentless access, data classification, pipeline protection, model monitoring and compliance checks — and summarizes offerings from vendors such as Cyera, LegitSecurity, Microsoft, Orca and Palo Alto Networks. It also advises reviewing standards like MITRE ATLAS and OWASP LLM when evaluating tools.
read more →

Mistral Large 3 Now Available in Microsoft Foundry

🚀 Microsoft has added Mistral Large 3 to Foundry on Azure, offering a high-capability, Apache 2.0–licensed open-weight model optimized for production workloads. The model focuses on reliable instruction following, extended-context comprehension, strong multimodal reasoning, and reduced hallucination for enterprise scenarios. Foundry packages unified governance, observability, and agent-ready tooling, and allows weight export for hybrid or on-prem deployment.
read more →