< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 35 of 42

ASP.NET Core Kestrel Flaw Earns 9.9 Severity Score Now

⚠️Microsoft patched a critical ASP.NET Core vulnerability in the built‑in Kestrel web server and assigned it a CVSS score of 9.9, the highest rating the vendor has ever issued. Tracked as CVE-2025-55315, the flaw enables authenticated attackers to use HTTP request smuggling to bypass security checks and could allow actions such as logging in as another user, bypassing CSRF protections, or performing injection attacks. Microsoft advises updating affected runtimes or rebuilding and redeploying self‑contained apps, while noting that reverse proxies or gateways may already mitigate exposure.
read more →

Microsoft Revokes 200+ Fraudulent Code-Signing Certificates

🔒 Microsoft disclosed it revoked more than 200 certificates after a threat actor tracked as Vanilla Tempest used them to fraudulently sign malicious binaries, including fake Microsoft Teams installers that delivered the Oyster backdoor and led to Rhysida ransomware deployments. The activity was detected in late September 2025 and disrupted earlier this month, and Microsoft has updated security solutions to flag the associated signatures. The actor abused SEO poisoning and bogus download domains impersonating Teams to distribute trojanized installers. Users are advised to download software only from verified sources and to avoid suspicious links or ads.
read more →

Windows 11 updates break localhost HTTP/2 (127.0.0.1)

⚠️ Microsoft’s October Windows 11 updates (notably KB5066835 and the September preview KB5065789) have disrupted HTTP/2 connections to localhost (127.0.0.1), preventing local services and developer tools from completing requests. Users report errors such as "ERR_CONNECTION_RESET" and "ERR_HTTP2_PROTOCOL_ERROR" when applications attempt to connect to the loopback interface. Affected software includes Visual Studio debugging, SSMS Entra ID authentication, and Duo Desktop; community workarounds include disabling HTTP/2 via Registry entries or uninstalling the problematic updates.
read more →

Microsoft Named Leader in 2025 Gartner SIEM Magic Quadrant

🔒 Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant for Security Information and Event Management (SIEM). The announcement highlights Microsoft Sentinel as a cloud- and AI-powered SIEM that centralizes security data via a purpose-built data lake and supports agentic AI through the Model Context Protocol (MCP) server. The platform emphasizes cost optimization, SOC automation, and integrated SOAR, UEBA, and threat intelligence to accelerate detection and response.
read more →

Microsoft Disrupts Rhysida Ransomware Targeting Teams

🔒 Microsoft disrupted a campaign by the financially motivated group Vanilla Tempest (also tracked as VICE SPIDER/Vice Society) after revoking over 200 code signing certificates used to sign malicious Microsoft Teams installers. The attackers used malvertising and SEO-poisoned domains mimicking Teams to distribute fake MSTeamsSetup.exe files that deployed the Oyster backdoor. The intervention curtailed a wave of Rhysida ransomware launches.
read more →

Microsoft: Office 2016 and 2019 Reach End of Support

⚠️ Microsoft has reminded customers that Office 2016 and Office 2019 reached the end of extended support on October 14, 2025. These releases will continue to operate but will no longer receive security updates, bug fixes, or technical support, increasing exposure to threats and compliance issues. Microsoft recommends migrating to Microsoft 365 Apps or newer perpetual releases such as Office 2024 or Office LTSC 2024, and notes that Visio, Project, and Skype for Business 2016/2019 are also out of support.
read more →

Microsoft Digital Defense Report 2025: Threat Trends

🔒 Microsoft's 2025 Digital Defense Report finds that most attacks aim to steal data for profit, with extortion and ransomware responsible for over 52% of incidents while espionage accounts for only about 4%. Covering July 2024–June 2025, the report highlights rising use of AI, automation, and off‑the‑shelf tools that enable scalable phishing, malware, and identity theft. Microsoft urges adoption of phishing‑resistant MFA, AI‑driven defenses, and strengthened cross‑sector collaboration to protect critical public services and build resilience.
read more →

Microsoft: 100 Trillion Signals Daily as AI Fuels Risk

🛡️ The Microsoft Digital Defense Report 2025 reveals Microsoft systems analyze more than 100 trillion security signals every day and warns that AI now underpins both defense and attack. The report describes adversaries using generative AI to automate phishing, scale social engineering and discover vulnerabilities faster, while autonomous malware adapts tactics in real time. Identity compromise is the leading vector—phishing and social engineering caused 28% of breaches—and although MFA blocks over 99% of unauthorized access attempts, adoption remains uneven. Microsoft urges board-level attention, phishing-resistant MFA, cloud workload mapping and monitoring, intelligence sharing and immediate AI and quantum risk planning.
read more →

Microsoft Adds Copilot Actions for Agentic Windows Tasks

⚙️ Microsoft is introducing Copilot Actions, a Windows 11 Copilot feature that allows AI agents to operate on local files and applications by clicking, typing, scrolling and using vision and advanced reasoning to complete multi-step tasks. The capability will roll out to Windows Insiders in Copilot Labs, extending earlier web-based actions introduced in May. Agents run in isolated Agent Workspaces tied to standard Windows accounts, are cryptographically signed, and the feature is off by default.
read more →

Microsoft adds Hey Copilot wake word to Windows 11 PCs

🤖 Microsoft has added the "Hey Copilot" wake word to Windows 11, letting users initiate conversations with the AI-powered Copilot assistant hands-free. The feature is opt-in and must be enabled in the Copilot app's Settings under Voice mode; when active a chime sounds and a microphone icon appears above the taskbar. Wake word detection uses an on-device 10-second audio buffer stored locally and never recorded, while request processing requires internet access. Copilot Vision can analyze screen content for troubleshooting and guidance, and optional connectors let Copilot generate Office documents and access third-party accounts.
read more →

Microsoft Tops Brand Phishing Impersonations in Q3 2025

🔍 Cyber criminals continue to favor familiar brands, with Microsoft used in 40% of all brand impersonation attempts in Q3 2025, according to Check Point Research’s Brand Phishing Report. Google represented 9% and Apple 6%, and together these tech giants comprised more than half of brand-related phishing activity. The findings highlight persistent targeting of the technology sector and underscore the need for stronger defenses and user awareness.
read more →

Hardening Customer Support Tools to Prevent Lateral Attacks

🔐 Microsoft Deputy CISO Raji Dani outlines the importance of hardening customer support tools and identities to reduce the risk of lateral movement and data exposure. The post recommends dedicated, isolated support identities protected by Privileged Role MFA and strict device controls. It advocates case-based RBAC with just-in-time and just-enough access, minimizing service-to-service trust, and deploying robust telemetry to speed detection and response. These layered controls apply to in-house teams and third-party providers.
read more →

September 2025 Windows Server Updates Break AD Sync

⚠️ Microsoft confirmed that the September 2025 security updates are causing Active Directory synchronization problems on Windows Server 2025, affecting applications that use the DirSync control such as Microsoft Entra Connect Sync. The issue can result in incomplete synchronization of large AD security groups exceeding 10,000 members. Microsoft recommends a registry workaround (DWORD 2362988687 = 0) while engineers work on a fix, and warns about risks of editing the registry.
read more →

Microsoft October Patch Tuesday addresses 172 bugs

🔒 Microsoft’s October Patch Tuesday delivers updates for 172 vulnerabilities, including six classed as zero-days. Three of those zero-days are being actively exploited, affecting the Windows Remote Access Connection Manager (CVE-2025-59230), an Agere modem kernel driver, and a secure-boot bypass in IGEL OS (CVE-2025-47827). Microsoft has removed the legacy Agere driver rather than patch it, citing risks in modifying unsupported code. This release also marks the final free Patch Tuesday for Windows 10; continued updates will require the Extended Security Updates (ESU) program.
read more →

Microsoft Patches 183 Flaws; Two Windows Zero-Days

🔒 Microsoft released updates addressing 183 vulnerabilities across its products, including three flaws now known to be exploited in the wild. Two Windows zero-days — CVE-2025-24990 (Agere modem driver, ltmdm64.sys) and CVE-2025-59230 (RasMan) — can grant local elevation of privilege; Microsoft plans to remove the legacy Agere driver rather than patch it. A third exploited issue bypasses Secure Boot in IGEL OS (CVE-2025-47827). With Windows 10 support ending unless enrolled in ESU, organizations should prioritize these fixes; CISA has added the three to its KEV catalog and set a federal remediation deadline.
read more →

October 2025 Patch Tuesday: Critical WSUS and Modem Fixes

🔒 Microsoft’s October Patch Tuesday addresses 167 vulnerabilities, including seven rated critical that require immediate CISO attention. Notable fixes include a 9.8 RCE in Windows Server Update Service (WSUS) (CVE-2025-59287) and two Office RCEs exploitable via the Preview Pane. Two legacy Agere modem driver flaws include an in-the-wild zero day and a prior public disclosure, prompting Microsoft to remove ltmdm64.sys from Windows. Administrators should prioritize internet-facing services, kernel-mode drivers, and review WSUS exposure and patch management architecture.
read more →

Patch Tuesday Oct 2025: 172 Flaws, End of Windows 10

⚠️ Microsoft’s October 2025 updates close 172 security holes and include at least two actively exploited zero‑days. The company removed a decades-old Agere modem driver to mitigate CVE-2025-24990 and patched an elevation-of-privilege zero-day in RasMan (CVE-2025-59230). A critical unauthenticated RCE in WSUS (CVE-2025-59287) carries a 9.8 threat score and should be prioritized. This release also marks the end of security updates for Windows 10, prompting ESU enrollment or migration options.
read more →

Microsoft releases final Windows 10 Patch Tuesday update

🔔 Microsoft has issued the final cumulative update for Windows 10, KB5066791, as the OS reaches end of support on October 14, 2025. The mandatory update delivers Microsoft's October 2025 Patch Tuesday fixes, closing six zero-day vulnerabilities and addressing 172 additional flaws. After installation, Windows 10 22H2 and 21H2 are updated to builds 19045.6456 and 19044.6456; users can install via Windows Update or the Microsoft Update Catalog and may schedule restarts to complete the process.
read more →

Microsoft: Exchange Server 2016 and 2019 End of Support

⚠️ Microsoft notified administrators that Exchange Server 2016 and Exchange Server 2019 reached end of support on October 14, 2025, and will no longer receive security patches or time zone updates after the October 2025 security releases. The company strongly advises migrating to Exchange Online or upgrading to Exchange Server Subscription Edition (SE). In-place upgrades from Exchange 2019 to SE follow the same process as installing a Cumulative Update. Customers still on Exchange 2016 or 2013 should upgrade to SE or first move to Exchange 2019.
read more →

Microsoft October 2025 Patch Tuesday: 6 Zero-Days Fixed

🔒 Microsoft released its October 2025 Patch Tuesday, addressing 172 vulnerabilities including six zero‑day flaws and eight Critical issues. The updates include five remote code execution and three elevation‑of‑privilege critical bugs, along with numerous information disclosure, denial‑of‑service and security feature bypass fixes. Notable actions include the removal of an Agere modem driver and patches for exploited elevation‑of‑privilege and SMB/SQL Server issues. Windows 10 reaches end of support with this release; Extended Security Updates remain available for organizations and consumers.
read more →