< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 28 of 42

Microsoft Defender portal outage disrupts XDR access

⚠️ Microsoft is mitigating an ongoing incident affecting the Defender XDR portal that began roughly 10 hours ago and was first acknowledged at 06:10 UTC. The outage stemmed from a traffic spike that drove high CPU utilization on components responsible for portal functions, blocking access and disrupting features such as advanced threat-hunting alerts and device visibility. Microsoft applied mitigation to increase processing throughput and reports partial recovery for some customers while it analyzes HAR traces and coordinates client-side diagnostics with impacted organizations.
read more →

Ten Years of Microsoft and Red Hat: Open Innovation

🚀 Over the past decade Microsoft and Red Hat have built a strategic partnership centered on open source and enterprise cloud innovation. Together they delivered offerings such as Red Hat Enterprise Linux on Azure and Azure Red Hat OpenShift, combining managed services, integrated support, and Marketplace availability. At Ignite 2025 the collaboration brought GA of OpenShift Virtualization and Confidential Containers, enabling VMs and hardware-isolated containers to run side-by-side for modernization and secure workloads.
read more →

KB5070311 Causes Explorer to Flash White in Dark Mode

⚠️ Microsoft confirmed that the KB5070311 preview update can cause a brief bright white flash when launching File Explorer in dark mode on Windows 11 systems. The behavior is also triggered when navigating to or from Home or Gallery, creating a new tab, toggling the Details pane, or selecting 'More details' while copying files. Microsoft says it is working on a solution but has not provided a timeline; affected users are advised to disable dark mode as a temporary workaround.
read more →

Windows 11 KB5070311 Preview Fixes Explorer Freezes

🔧 Microsoft has published the optional KB5070311 preview cumulative update for Windows 11, delivering 49 non-security fixes and quality improvements. The November preview resolves an explorer.exe and taskbar hang triggered by certain notifications, corrects File Explorer search issues affecting some SMB shares, and addresses an LSASS access-violation instability. Install via Settings → Windows Update or download from the Microsoft Update Catalog; this update advances 25H2 and 24H2 builds to 26200.7309 and 26100.7309 respectively.
read more →

Microsoft: New Outlook Fails to Open Some Excel Attachments

🔧 Microsoft is addressing a bug that prevents some users from opening Excel email attachments in the new Outlook client when filenames contain non‑ASCII characters. The company says the root cause is a missing encoding in the file‑open requests and that a fix has been developed and deployed for validation. While the rollout is still in progress, affected users are advised to use Outlook on the web or download the file to open it locally as a temporary workaround.
read more →

Windows updates hide password icon on lock screen issue

🔒 Microsoft warned that updates to Windows 11 released since August may make the password sign‑in icon invisible on the lock screen for systems with multiple sign‑in options. The button remains functional — hovering over the blank space reveals the password control. The issue is tied to the non‑security preview KB5064081 and later releases on 24H2/25H2. Microsoft has provided no timeline for a fix and offers no workaround beyond the hover action.
read more →

Microsoft Teams guest access can bypass Defender protections

⚠️ Researchers warn a cross-tenant blind spot in Microsoft Teams can allow attackers to sidestep Microsoft Defender for Office 365 when users accept guest access in another tenant. Protections follow the hosting tenant, not the user's home organization, enabling attackers to create protection-free malicious tenants using low-tier licenses. Organizations should restrict B2B invitations, enable cross-tenant access controls, and train users to reject unsolicited guest invites.
read more →

Microsoft to Block Unauthorized Scripts in Entra ID

🔒 Microsoft will update its Content Security Policy to block unauthorized script injection during browser-based Entra ID sign-ins at login.microsoftonline.com. The policy will permit script downloads only from Microsoft-trusted CDN domains and allow inline execution solely from trusted Microsoft sources. Rolled out globally in mid-to-late October 2026 under the Secure Future Initiative, the change excludes Microsoft Entra External ID. Organizations should test sign-in flows and avoid browser extensions or tools that inject code to prevent authentication friction.
read more →

ToddyCat toolkit pivots to Outlook and Microsoft tokens

🔒 Kaspersky researchers report that ToddyCat updated its toolkit in late 2024 and early 2025 to target Outlook email data and Microsoft 365 access via OAuth 2.0 tokens. Previously known for compromising internet-facing Microsoft Exchange servers, the group now uses a C++ utility, TCSectorCopy, to copy OST files and parses them with XstReader to read full email archives. When browser-based token extraction was blocked, attackers deployed ProcDump to dump tokens from Outlook memory. Kaspersky released IOCs and technical details to support detection and response.
read more →

Microsoft Teams guest chat exposes cross-tenant blind spot

🔒 Security researchers warn that a cross-tenant collaboration design in Microsoft Teams can cause a user's Defender for Office 365 protections to be dropped when they accept a guest invitation and join another tenant. The default-enabled feature MC1182004 (chat with any email) lowers the bar for attackers to spin up hostile tenants and deliver links or files that bypass URL scanning, Safe Links, file sandboxing and zero-hour auto purge. Administrators are advised to treat guest access as a trust boundary: restrict B2B invites to vetted domains, enforce Entra ID cross-tenant policies, and disable the 'chat with Anyone' capability where appropriate.
read more →

Hardening Microsoft Exchange SE for 2026 and Beyond

🔒 The article by Stan Kaminsky summarizes practical hardening steps for on-premises Microsoft Exchange, emphasizing that Exchange Server Subscription Edition (Exchange SE) will be the only supported on-premises option in 2026 following the end of support for Exchange Server 2019. It outlines common attacker techniques — from password spraying and web shells to mail-flow rule abuse — and highlights immediate actions like migrating to Exchange SE or obtaining Extended Security Updates, applying regular Cumulative Updates, and enabling the Emergency Mitigation service. Recommendations also cover baseline configuration, EDR/EPP deployment, modern authentication, Kerberos adoption, TLS and HSTS, administrative access controls, PowerShell stream signing and protections for forged mail headers.
read more →

Microsoft: FIDO2 Security Keys May Require PIN on Windows

🔒 Microsoft warned that FIDO2 security keys may prompt users to create or enter a PIN after Windows updates beginning with the September 29, 2025 KB5065789 preview. This behavior affects devices running Windows 11 24H2 or 25H2 when a Relying Party or identity provider requests User Verification set to preferred. Microsoft says the change is intentional to align with the WebAuthn specification, which requires PIN setup when authenticators support user verification. Organizations that want to avoid PIN prompts can set user verification to discouraged in their WebAuthn settings.
read more →

Microsoft hardens Entra ID sign-ins against script injection

🔒 Microsoft will strengthen the Entra ID browser sign-in experience starting mid-to-late October 2026 by enforcing a stricter Content Security Policy that permits scripts only from Microsoft-trusted CDN domains and approved inline sources. The change applies to sign-ins at login.microsoftonline.com; Microsoft Entra External ID is not affected. Administrators should test sign-in flows, remove code-injecting extensions and review developer-console violations to identify and address dependencies before the rollout.
read more →

ToddyCat APT Targets Outlook Archives and M365 Tokens

🔒 Kaspersky Labs reports that the ToddyCat APT refined its toolkit in late 2024 and early 2025 to harvest Outlook offline archives and Microsoft 365 OAuth tokens in addition to browser credentials. New PowerShell and C++ components — notably TomBerBill and TCSectorCopy — copy browser artifacts and sector‑level OST files while attackers also attempt in‑memory token grabs from Outlook processes to maintain persistent access.
read more →

Exchange Online outage prevents classic Outlook access

⚠️ Microsoft is investigating an Exchange Online outage (incident EX1189820) preventing customers from accessing mailboxes via the classic Outlook desktop client, with reports of server connection and login failures. The company says impact is specific to users in Asia Pacific and North America and has classified the event as an incident in the admin center. As a workaround, affected users are advised to use Outlook on the Web while Microsoft analyzes the issue.
read more →

Microsoft adds Teams call handler to speed Windows client

⚡Microsoft will introduce a new Teams call handler, ms-teams_modulehost.exe, that runs as a child process to manage the calling stack separately from the main ms-teams.exe application, improving startup times and in-meeting performance. The change is transparent to end users and requires no retraining. Administrators should allowlist the new process in security and endpoint protection systems and notify helpdesk staff to avoid false positives during the rollout.
read more →

Claude Opus 4.5 Brings Agentic AI to Microsoft Foundry

🚀 Claude Opus 4.5 is now available in public preview in Microsoft Foundry, aiming to shift models from assistants to agentic collaborators that execute multi-tool workflows and support complex engineering tasks. Anthropic and Microsoft highlight Opus 4.5’s strengthened coding, vision, and reasoning capabilities alongside improved safety and prompt-injection robustness. Foundry adds developer features like Programmatic Tool Calling, Tool Search, Effort Parameter (Beta), and Compaction Control to help teams build deterministic, long-running agents while keeping centralized governance and observability.
read more →

Microsoft Tests File Explorer Preloading for Speed

⚡ Microsoft is testing an optional background preload for File Explorer on Windows 11 to reduce launch times and improve responsiveness. When enabled, the app loads automatically with no visible UI change; users can disable it by unchecking "Enable window preloading for faster launch times" in File Explorer's Folder Options under the View tab. The feature is rolling out to Windows Insiders on 25H2 in the Dev and Beta channels with preview build 26220.7271 (KB5070307). Microsoft also reorganized File Explorer's context menu into grouped flyouts to reduce clutter and has requested feedback via the Feedback Hub.
read more →

Microsoft to Remove WINS Support After Windows Server 2025

⚠️ Microsoft announced that WINS support will be removed from Windows Server releases after Windows Server 2025, with standard support for that final LTSC build continuing through November 2034. The legacy NetBIOS name registration and resolution service was deprecated in Windows Server 2022. Microsoft said WINS components, management snap-ins and automation APIs will be removed, and urged administrators to audit dependencies and migrate to DNS-based solutions to avoid disruptions.
read more →

Windows 11 24H2 Bug Crashes Explorer and Start Menu

⚠️ Microsoft confirmed a Windows 11, version 24H2 bug in cumulative updates released since July 2025 that causes XAML dependency packages not to register in time, leading Explorer, StartMenuExperienceHost, ShellHost.exe and other shell components to crash or fail to initialize. Microsoft provided three PowerShell Add-AppxPackage commands as a temporary workaround and says a restart is required after running them. Organizations using non-persistent VDI should run a logon script to provision the packages before Explorer launches; a permanent fix is in development with no timeline.
read more →