All news with #microsoft tag

Ten Years of Microsoft and Red Hat: Open Innovation

🚀 Over the past decade Microsoft and Red Hat have built a strategic partnership centered on open source and enterprise cloud innovation. Together they delivered offerings such as Red Hat Enterprise Linux on Azure and Azure Red Hat OpenShift, combining managed services, integrated support, and Marketplace availability. At Ignite 2025 the collaboration brought GA of OpenShift Virtualization and Confidential Containers, enabling VMs and hardware-isolated containers to run side-by-side for modernization and secure workloads.

Malicious Chrome and Edge Extensions Threaten Enterprises

🔍 Koi Security revealed a long-running surveillance campaign by an actor it calls 'ShadyPanda' that abused legitimate-seeming Chrome and Edge extensions to harvest browsing data, hijack search results, and deploy a backdoor enabling remote code execution. The group built trust by publishing useful extensions (including Clean Master) and then silently pushed malicious updates that bypassed marketplace re-approval. With an estimated 4.3 million infected browser instances, enterprises should treat browser extensions as high-risk assets and urgently audit and remediate add-ons on corporate and employee devices.

ShadyPanda Browser Extension Campaign Hits 4.3M Users

🛡️ A seven-year browser extension campaign attributed to the actor known as ShadyPanda has infected 4.3 million Chrome and Edge users by operating legitimately for years and then pushing malicious updates. A Koi Security report describes a remote code execution backdoor that affected roughly 300,000 users across five extensions, including Clean Master, and a parallel spyware push via Edge extensions such as WeTab. Malicious updates enabled hourly downloads of arbitrary JavaScript, extensive logging of site visits, exfiltration of encrypted browsing histories, and comprehensive browser fingerprinting.

Amazon RDS for SQL Server: Optimize CPU on M7i/R7i

🔧Amazon RDS for SQL Server introduces an Optimize CPU option with support for M7i and R7i instance families, lowering prices by up to 55% compared with equivalent sixth‑generation instances. Optimize CPU disables SMT on instances with two or more physical CPU cores to halve vCPU counts and associated third‑party licensing charges while preserving the same number of physical cores and near‑equivalent performance. The biggest savings appear on 2Xlarge and larger sizes and on Multi‑AZ deployments; memory‑ or I/O‑intensive workloads can be further tuned to reduce costs.

Amazon RDS for SQL Server Adds Developer Edition Support

🆕 Amazon RDS for SQL Server now supports SQL Server 2022 Developer Edition, enabling teams to run a feature-complete, free edition of SQL Server in non-production RDS instances. The Developer Edition includes all Enterprise features for building, testing, and demonstrating applications while reducing licensing costs for development and test environments. Core RDS capabilities — automated backups, automated software updates, monitoring, and encryption — are supported on Developer Edition. The license is strictly limited to development and testing and may not be used in production or for commercial end-user scenarios.

KB5070311 Causes Explorer to Flash White in Dark Mode

⚠️ Microsoft confirmed that the KB5070311 preview update can cause a brief bright white flash when launching File Explorer in dark mode on Windows 11 systems. The behavior is also triggered when navigating to or from Home or Gallery, creating a new tab, toggling the Details pane, or selecting 'More details' while copying files. Microsoft says it is working on a solution but has not provided a timeline; affected users are advised to disable dark mode as a temporary workaround.

Startup Frenetik Launches Patented Deception Technology

🔐 Frenetik, a Maryland cybersecurity startup, emerged from stealth with a patented approach called Deception In-Use that continuously rotates real identities and resources across Microsoft Entra (M365), AWS, Google Cloud and on-prem environments. By routing critical change details through out-of-band channels accessible only to trusted parties, defenders retain accurate visibility while attackers operate on stale intelligence and are more likely to be funneled into decoys and honeypots.

Windows 11 KB5070311 Preview Fixes Explorer Freezes

🔧 Microsoft has published the optional KB5070311 preview cumulative update for Windows 11, delivering 49 non-security fixes and quality improvements. The November preview resolves an explorer.exe and taskbar hang triggered by certain notifications, corrects File Explorer search issues affecting some SMB shares, and addresses an LSASS access-violation instability. Install via Settings → Windows Update or download from the Microsoft Update Catalog; this update advances 25H2 and 24H2 builds to 26200.7309 and 26100.7309 respectively.

Microsoft: New Outlook Fails to Open Some Excel Attachments

🔧 Microsoft is addressing a bug that prevents some users from opening Excel email attachments in the new Outlook client when filenames contain non‑ASCII characters. The company says the root cause is a missing encoding in the file‑open requests and that a fix has been developed and deployed for validation. While the rollout is still in progress, affected users are advised to use Outlook on the web or download the file to open it locally as a temporary workaround.

NETSCOUT Omnis Wins Overall Network Security Award

🔍 NETSCOUT’s Omnis Cyber Intelligence was named “Overall Network Security Solution of the Year” in the ninth annual CyberSecurity Breakthrough Awards. The platform delivers always-on, packet-based visibility using scalable deep packet inspection to continuously capture, analyze, and retain high-fidelity network metadata. Its on-sensor storage minimizes data movement and helps address compliance and sovereignty requirements while providing the historical context analysts need to investigate threats across cloud and on-premises environments.

Microsoft sets 2034 deadline to retire WINS support

⚠️ Microsoft has announced that WINS will be unsupported after the lifecycle of Windows Server 2025 on the LTSC channel, creating an effective sunset in 2034. The deprecated NetBIOS-era name service, long superseded by DNS, remains in place in many environments, especially industrial and OT systems. Administrators are urged to inventory dependencies, plan migrations to DNS, or isolate legacy workloads to reduce security and operational risk.

Sha1-Hulud NPM Worm Returns, Broad Supply‑Chain Risk

🔐 A new wave of the self‑replicating npm worm, dubbed Sha1‑Hulud: The Second Coming, impacted over 800 packages and 27,000 GitHub repositories, targeting API keys, cloud credentials, and repo authentication data. The campaign backdoored packages, republished malicious installs, and created GitHub Actions workflows for command‑and‑control while dynamically installing Bun to evade Node.js defenses. GitGuardian reported hundreds of thousands of exposed secrets; PyPI was not affected.

AWS Transform Expands .NET Modernization and Developer UX

🔧 AWS Transform is now generally available with expanded .NET modernization features that let customers convert .NET Framework and .NET code to .NET 10 or .NET Standard. New capabilities include automated UI porting from ASP.NET Web Forms to Blazor on ASP.NET Core and Entity Framework ORM porting. An enhanced IDE workflow via the AWS Toolkit for Visual Studio 2026 or 2022 provides an editable transformation plan, real‑time progress, repeatable iterations, detailed logs, and a Next Steps markdown for AI code companions.

AWS launches preview of Interconnect - multicloud service

🔗 AWS has opened a preview of AWS Interconnect - multicloud, a new service to create private, resilient, high-speed links between Amazon VPCs and other cloud providers. The preview launches with Google Cloud as the initial partner and a planned expansion to Microsoft Azure in 2026. It integrates with AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC, and is available in five AWS Regions via the AWS Management Console. CSPs can adopt the capability through a published open API package on GitHub.

Windows updates hide password icon on lock screen issue

🔒 Microsoft warned that updates to Windows 11 released since August may make the password sign‑in icon invisible on the lock screen for systems with multiple sign‑in options. The button remains functional — hovering over the blank space reveals the password control. The issue is tied to the non‑security preview KB5064081 and later releases on 24H2/25H2. Microsoft has provided no timeline for a fix and offers no workaround beyond the hover action.

Microsoft Teams guest access can bypass Defender protections

⚠️ Researchers warn a cross-tenant blind spot in Microsoft Teams can allow attackers to sidestep Microsoft Defender for Office 365 when users accept guest access in another tenant. Protections follow the hosting tenant, not the user's home organization, enabling attackers to create protection-free malicious tenants using low-tier licenses. Organizations should restrict B2B invitations, enable cross-tenant access controls, and train users to reject unsolicited guest invites.

Microsoft to Block Unauthorized Scripts in Entra ID

🔒 Microsoft will update its Content Security Policy to block unauthorized script injection during browser-based Entra ID sign-ins at login.microsoftonline.com. The policy will permit script downloads only from Microsoft-trusted CDN domains and allow inline execution solely from trusted Microsoft sources. Rolled out globally in mid-to-late October 2026 under the Secure Future Initiative, the change excludes Microsoft Entra External ID. Organizations should test sign-in flows and avoid browser extensions or tools that inject code to prevent authentication friction.

ToddyCat toolkit pivots to Outlook and Microsoft tokens

🔒 Kaspersky researchers report that ToddyCat updated its toolkit in late 2024 and early 2025 to target Outlook email data and Microsoft 365 access via OAuth 2.0 tokens. Previously known for compromising internet-facing Microsoft Exchange servers, the group now uses a C++ utility, TCSectorCopy, to copy OST files and parses them with XstReader to read full email archives. When browser-based token extraction was blocked, attackers deployed ProcDump to dump tokens from Outlook memory. Kaspersky released IOCs and technical details to support detection and response.

Microsoft Teams guest chat exposes cross-tenant blind spot

🔒 Security researchers warn that a cross-tenant collaboration design in Microsoft Teams can cause a user's Defender for Office 365 protections to be dropped when they accept a guest invitation and join another tenant. The default-enabled feature MC1182004 (chat with any email) lowers the bar for attackers to spin up hostile tenants and deliver links or files that bypass URL scanning, Safe Links, file sandboxing and zero-hour auto purge. Administrators are advised to treat guest access as a trust boundary: restrict B2B invites to vetted domains, enforce Entra ID cross-tenant policies, and disable the 'chat with Anyone' capability where appropriate.

Hidden URL-fragment prompts can hijack AI browsers

⚠️ Researchers demonstrated a client-side prompt injection called HashJack that hides malicious instructions in URL fragments after the '#' symbol. AI-powered browsers and assistants — including Comet, Copilot for Edge, and Gemini for Chrome — read these fragments for context, allowing attackers to weaponize legitimate sites for phishing, data exfiltration, credential theft, or malware distribution. Because fragment data never reaches servers, network defenses and server logs may not detect this technique.