All news with #microsoft tag

🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.

📝 Microsoft is adding free AI-powered text features to Notepad on Copilot+ PCs running Windows 11, rolling out now to Windows Insiders in the Canary and Dev channels on Notepad version 11.2508.28.0. The new Summarize, Write, and Rewrite tools were previously part of Microsoft 365 subscriptions but are available without an extra subscription on Copilot+ devices. Features support English only; subscribers can switch between local and cloud models while unsigned users use the local model. Users may disable the AI options in settings or uninstall the updated Notepad to use classic notepad.exe. Paint and Snipping Tool also received recent updates.

🛡️ Microsoft's Digital Crimes Unit has seized 338 domains to dismantle the Phishing‑as‑a‑Service platform RaccoonO365, which enabled low‑skilled actors to deploy convincing Microsoft login pages. The DCU reports the service compromised more than 5,000 accounts across 94 countries since July 2024 and could bypass MFA to maintain persistent access. Operators marketed AI enhancements to scale attacks and collected at least $100,000 in cryptocurrency, prompting legal action to disrupt the infrastructure and seize control of the platform.

🔔Microsoft reminded customers that Office 2016 and Office 2019 will reach the end of extended support on 14 October 2025. Organizations using Visio 2016/2019, Project 2016/2019, and related apps are urged to upgrade to avoid security, compliance, and performance issues because no further updates or fixes will be provided. Microsoft recommends migrating to Microsoft 365 Apps or selecting a perpetual release such as Office 2024 or Office LTSC 2024 depending on licensing and connectivity needs.

🔒 Microsoft and Cloudflare coordinated a disruption of the RaccoonO365 Phishing-as-a-Service operation in early September 2025, seizing 338 malicious websites and Cloudflare Worker accounts. The service is linked to at least 5,000 stolen Microsoft 365 credentials from 94 countries since July 2024 and was used in large campaigns, including a tax-themed sweep that targeted over 2,300 U.S. organizations. Kits bundled CAPTCHA and anti-bot evasion, were sold via a private Telegram channel, and investigators identified a suspected leader, prompting a criminal referral.

🔒 Microsoft and Cloudflare executed a coordinated takedown of RaccoonO365, a Nigerian-run phishing-as-a-service platform tracked by Microsoft as Storm-2246. The joint effort seized 338 domains and dismantled infrastructure that reportedly generated hundreds of millions of malicious messages and could bypass some MFA protections. Cloudflare removed intermediary Cloudflare Workers shields and deployed phish warning pages, while Microsoft pursued legal action and criminal referrals. The disruption exposed risks to healthcare providers and highlighted cross-border enforcement limits.

🛡️ Microsoft’s Digital Crimes Unit says it has dismantled the infrastructure behind RaccoonO365, seizing 338 malicious websites tied to the Storm-2246 phishing kit. The DCU, acting under a court order from the Southern District of New York, identified Nigeria-based operator Joshua Ogundipe and disrupted a Telegram-based subscription service with roughly 850 members. Microsoft says the service, launched July 2024, enabled the theft of thousands of Microsoft365 credentials, included tools to bypass MFA, and recently promoted an AI-powered feature to scale attacks.

🔒 Microsoft and Cloudflare coordinated a court-ordered disruption that seized 338 domains used by RaccoonO365, a phishing-as-a-service accused of harvesting over 5,000 Microsoft 365 credentials across 94 countries since July 2024. The takedown, executed between September 2–8, 2025, removed malicious Workers scripts, placed interstitial phish warnings, and suspended accounts to cut criminal access. RaccoonO365 was marketed by subscription and used legitimate services like Cloudflare Turnstile and Workers to harden phishing pages and evade detection.

🔒 Microsoft announced Purview innovations for Fabric at FabCon to unify discovery, protection, and governance across Azure, Microsoft 365, and Microsoft Fabric. New generally available controls include Information Protection policies for Fabric items, DLP for structured data in OneLake, and Insider Risk Management for Fabric. Preview features add DSPM data risk assessments and enhanced Copilot controls, while the Unified Catalog gains finer metadata, tagging, and data‑quality workflows to improve discoverability and trust.

📢 At FabCon Vienna, Microsoft unveiled a broad set of Microsoft Fabric enhancements to accelerate data-rich agents and enterprise adoption. Key updates include expanded OneLake shortcuts and mirroring (preview for Oracle and BigQuery), a preview Graph database and Maps for geospatial context, developer tooling (MCP, Extensibility Toolkit, CI/CD) and strengthened security controls like Azure Private Link and customer-managed keys. These features focus on zero-copy data access, governance, and operational scalability for mission-critical workloads.

🔒 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for its continued use of the RC4 encryption algorithm. The letter highlights a technique called Kerberoasting, which exploits Kerberos ticket encryption to extract service account credentials. The complaint raises concerns about lingering support for weak ciphers in enterprise authentication.

⚠️ Microsoft has warned that Exchange Server 2016 and Exchange Server 2019 will reach end of extended support on October 14, 2025. After that date Microsoft will stop providing technical support, including bug fixes, time zone updates, and security patches, which could increase exposure to vulnerabilities. Administrators are advised to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition, with documented migration and upgrade paths available.

📥 Microsoft will automatically install the Microsoft 365 Copilot app on Windows devices that already have Microsoft 365 desktop apps beginning in early October, with rollout completing by mid-November 2025. The app will be placed in the Start menu and enabled by default, but administrators can opt out via the Apps Admin Center. Systems in the EEA are excluded, and Microsoft advises IT to notify helpdesk teams and users beforehand to reduce confusion and support requests.

🔧 Microsoft has removed a safeguard hold that blocked upgrades to Windows 11 24H2 on devices running Dirac audio enhancement software after reports that the component cridspapo.dll caused integrated speakers and Bluetooth audio devices to stop working. A new driver is available via Windows Update and Microsoft recommends installing the latest security update; restarting the device may speed the offering. The safeguard hold was lifted on September 11, 2025, but other upgrade blocks remain for unrelated driver and software incompatibilities.

⚠️Microsoft confirmed that the September 2025 Windows security updates can break connections to SMBv1 shares when NetBIOS over TCP/IP (NetBT) is used. The issue affects client releases (Windows 11 24H2/23H2/22H2, Windows 10 22H2/21H2) and server releases (Windows Server 2025, 2022) and may occur if either the SMB client or server has the update. As a temporary workaround, administrators are advised to allow SMB traffic on TCP port 445 so Windows can switch from NetBT to TCP. Microsoft is investigating and developing a fix.

⚠️ Microsoft reminded customers that Windows 10 will reach end of servicing on October 14, 2025, with the October monthly update being the last security release for affected versions. After that date, Microsoft will no longer provide bug fixes or technical assistance for security, stability, or usability issues. Customers are advised to upgrade eligible devices to Windows 11, migrate to Windows 365 in the cloud, enroll in Extended Security Updates (ESU), or consider LTSC/LTSC alternatives for specialized devices.

⚠️ Microsoft is investigating an ongoing Exchange Online outage across North America that is preventing users from accessing mailboxes via any Exchange Online connection method. Customers have reported issues for more than six hours on DownDetector, with sign-in and server connection failures affecting Teams, Outlook, and Hotmail. Microsoft says it is reviewing telemetry and applying changes to optimize affected mailbox infrastructure while the root cause is still under investigation.

🚨 U.S. Senator Ron Wyden requested that the FTC investigate Microsoft for what he describes as “gross cybersecurity negligence” after product weaknesses tied to Kerberos and legacy RC4 usage contributed to ransomware incidents, including the May 2024 Ascension Health breach that exposed data for 5.6 million patients. Wyden says his office alerted Microsoft in July 2024 and urged setting stronger ciphers like AES as defaults; he criticized an October Microsoft blog as too technical to warn corporate decision-makers. Microsoft replied that RC4 accounts for under 0.1% of traffic, that full removal risks breaking legacy systems, and that deprecation is on its roadmap.

🔔 Microsoft Teams will display warnings on private messages that contain URLs flagged as spam, phishing, or malware for customers using Microsoft Defender for Office 365 and enterprise Teams. The feature enters public preview for desktop, Android, web, and iOS in September 2025 and is slated for general availability in November 2025. Admins can enable the preview via the Teams Admin Center messaging settings; warnings will be enabled by default at GA and can be managed through the Teams Admin Center or PowerShell.

🛡️ US Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft following the 2024 ransomware attack on healthcare operator Ascension, which exposed data for 5.6 million patients after a contractor clicked a malicious Bing search result. Wyden says default Microsoft settings and support for the outdated RC4 standard enabled a Kerberoasting technique that granted administrative access. He notes Microsoft was warned in July 2024 and posted a blog in October announcing a planned update, but nearly a year later no update has been issued nor direct customer outreach made. The letter frames Microsoft’s control over default configurations as a systemic national security risk.