< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 36 of 42

Microsoft and Oracle Expand Oracle Database@Azure Reach

🚀 Microsoft and Oracle have expanded Oracle Database@Azure with broader regional coverage and support for Oracle Database 19c and 23ai, plus full support for Base Database, Exadata (Dedicated and Exascale), and Autonomous Database. The update introduces continuous zero-ETL mirroring into OneLake via Oracle GoldenGate and native integrations with Microsoft Fabric, enabling real-time analytics with Copilot Studio, Azure AI Foundry, and Power BI. Security and operational management are strengthened through Microsoft Defender, Microsoft Sentinel, Entra ID, and Azure Arc, while Azure Accelerate for Oracle and marketplace programs streamline migrations and partner engagement.
read more →

Windows 11 KB5066835 and KB5066793 October 2025 Updates

🔒 Microsoft has released cumulative updates KB5066835 and KB5066793 for Windows 11 versions 25H2/24H2 and 23H2 as part of the October 2025 Patch Tuesday. These mandatory updates move systems to Build 26200.6899 (25H2/24H2) and 226x1.6050 (23H2) and address recent security vulnerabilities plus several functional issues. Notable fixes include a Chromium print preview hang, PowerShell Remoting timeouts, Windows Hello USB IR camera setup failures, and a gaming sign-in input bug. The update also removes the ltmdm64.sys modem driver and rolls out new AI, accessibility, and File Explorer features gradually.
read more →

Microsoft launches ExCyTIn-Bench to benchmark AI security

🛡️ Microsoft released ExCyTIn-Bench, an open-source benchmarking tool to evaluate how well AI systems perform realistic cybersecurity investigations. It simulates a multistage Azure SOC using 57 Microsoft Sentinel log tables and measures multistep reasoning, tool usage, and evidence synthesis. The benchmark offers fine-grained, actionable metrics for CISOs, product owners, and researchers.
read more →

Microsoft: Windows 10 Reaches End of Support Oct 14, 2025

⚠️ Microsoft says Windows 10 reached end of support on October 14, 2025, and will no longer receive feature or security updates. Machines will continue to run but will be at greater risk of viruses and malware without patches. Microsoft advises customers to upgrade to Windows 11, migrate to Windows 365 in the cloud, enroll in Extended Security Updates (ESU), or use LTSC editions for specialized devices. ESU pricing and limited free enrollment options for home and EEA users are noted.
read more →

October 2025 Patch Tuesday: 172 CVEs, 3 Zero-Days, 8 Critical

🔒 Microsoft’s October 2025 Patch Tuesday addresses 172 vulnerabilities, including two publicly disclosed issues, three zero‑day flaws and eight Critical CVEs. The bulk of fixes target Windows (134 patches), Microsoft Office (18) and Azure (6), with elevation-of-privilege and remote code execution as the primary risks. Windows 10 reaches end of life on October 14, 2025; hosts must be on 22H2 to receive Extended Security Updates. CrowdStrike recommends prioritizing patches for actively exploited zero‑days and using Falcon Exposure Management dashboards to track and remediate affected systems.
read more →

Microsoft Advances Open Standards for Frontier AI Scale

🔧 Microsoft details OCP contributions to accelerate open-source infrastructure for frontier-scale AI, focusing on power, cooling, networking, security, and sustainability. It highlights innovations such as solid-state transformers, a power-stabilization paper with OpenAI and NVIDIA, and a next-generation HXU for liquid cooling. Networking efforts include ESUN and scale-up Ethernet workstreams, while security contributions introduce Caliptra 2.1, Adams Bridge 2.0, and L.O.C.K. The post also advances fleet lifecycle management, carbon accounting, and waste-heat reuse for globally deployable AI datacenters.
read more →

Microsoft restricts IE mode in Edge after zero-day attacks

🔒 Microsoft is restricting access to Internet Explorer mode in Edge after discovering attackers leveraged an unpatched zero-day in the Chakra JavaScript engine combined with social engineering to achieve remote code execution and privilege escalation. The company removed quick UI triggers (toolbar button, context menu, hamburger items) so IE mode now requires explicit configuration under Settings > Default Browser. Commercial, policy-managed deployments remain unaffected.
read more →

Amazon RDS Adds Latest CU and GDR Updates for SQL Server

🛡️Amazon Relational Database Service (Amazon RDS) now supports the latest General Distribution Release (GDR) and Cumulative Update packages for Microsoft SQL Server, including SQL Server 2016 SP3+GDR (KB5065226), 2017 CU31+GDR (KB5065225), 2019 CU32+GDR (KB5065222) and 2022 CU21 (KB5065865). These updates address multiple security vulnerabilities tracked as CVE-2025-47997, CVE-2025-55227 and CVE-2024-21907. AWS recommends that customers upgrade their RDS SQL Server instances using the Amazon RDS Management Console, AWS SDKs or the AWS CLI and follow the RDS SQL Server upgrade guidance.
read more →

Building a Lasting Security Culture at Microsoft Initiative

🔐 Microsoft frames security culture as a company-wide movement driven by people and operationalized through the Secure Future Initiative (SFI). The company overhauled employee education—launching the Microsoft Security Academy, refreshing the Security Foundations series, and requiring three annual sessions (90 minutes total)—to address AI-enabled attacks, deepfakes, and identity threats. Leadership mandates, linked compensation, measurable training outcomes (99% completion; rising satisfaction and relevancy scores), new identity and AI guides, Deputy CISOs in engineering, and embedded DevSecOps are highlighted as evidence of measurable cultural change.
read more →

Microsoft Investigates Microsoft 365 Access Outage

⚠️ Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. The issue has been tagged as an incident in the admin center while Redmond reviews telemetry and recent service changes to identify the root cause. Microsoft first acknowledged the problem at 05:06 AM UTC and said it continued analysis nearly four hours later to develop a fix. Impact appears limited to users served by the affected infrastructure.
read more →

Windows 11 Media Creation Tool Fails on Windows 10

⚠️ Microsoft says the Windows 11 Media Creation Tool (MCT) version 26100.6584 released on September 29, 2025, may close unexpectedly on Windows 10 22H2 devices without showing an error. The company is working on a fix and recommends downloading a Disk Image (ISO) for x64 systems as a temporary workaround. Microsoft also notes the MCT is not supported on Windows 10 ARM64 machines, following earlier ARM64 compatibility problems after the Windows 11 25H2 rollout.
read more →

Microsoft Restricts Edge IE Mode After Active Exploits

🔒 Microsoft has tightened access to Internet Explorer mode in Edge after credible reports in August 2025 that unknown actors abused the legacy compatibility feature to compromise devices. Attackers used social engineering to coerce users into reloading pages in IE mode and then chained unpatched Chakra JavaScript engine exploits to gain remote code execution and elevate privileges. Microsoft removed the IE mode toolbar button, context-menu and hamburger-menu entries; IE mode must now be enabled explicitly via Edge settings and sites must be added to an IE mode pages list.
read more →

Windows 11 23H2 Home and Pro reach end of support soon

⚠ Microsoft warned that devices running Windows 11 23H2 Home and Pro editions will stop receiving security updates after November 11, 2025. The November 2025 monthly security update will be the final update for those editions. Users should upgrade to Windows 11 24H2 or later to remain protected; note that some PCs may be prevented from upgrading by a safeguard for SenseShield code-obfuscation drivers.
read more →

Microsoft: 'Payroll Pirates' Hijack HR SaaS Accounts

🔒 Microsoft warns that a financially motivated group tracked as Storm-2657 is hijacking employee accounts to redirect payroll by altering profiles in third-party HR SaaS platforms such as Workday. Attacks rely on AitM phishing, MFA gaps and SSO abuse rather than software vulnerabilities. Observed tactics include creating inbox rules to delete warning notifications and enrolling attacker-controlled phone numbers for persistent access. Microsoft reported compromises at multiple U.S. universities and recommends phishing-resistant, passwordless MFA such as FIDO2 keys, and reviews of MFA devices and mailbox rules to detect takeover.
read more →

Microsoft Releases Enterprise Windows Backup for Orgs

🔒 Microsoft has made Windows Backup for Organizations generally available, offering an enterprise-grade, opt-in solution to preserve Windows settings, user preferences, and Microsoft Store-installed apps. The capability is available after installing the September 2025 Windows Monthly Cumulative Update on Entra-joined devices and must be enabled by administrators through Intune or backup and restore policy settings. Backups are stored in Exchange Online in the tenant's selected Country/Region, are protected by encryption, and are accessible to Microsoft personnel only under strict oversight for troubleshooting or legal compliance, helping streamline migrations to Windows 11 during device setup.
read more →

ThreatsDay: Teams Abuse, MFA Hijack, $2B Crypto Heist

🛡️ Microsoft and researchers report threat actors abusing Microsoft Teams for extortion, social engineering, and financial theft after hijacking MFA with social engineering resets. Separate campaigns use malicious .LNK files to deliver PowerShell droppers and DLL implants that establish persistent command-and-control. Analysts also link over $2 billion in 2025 crypto thefts to North Korean‑linked groups and identify AI-driven disinformation, IoT flaws, and cloud misconfigurations as multiplying risk. Defenders are urged to harden identity, secure endpoints and apps, patch exposed services, and limit long-lived cloud credentials.
read more →

Microsoft 365 Outage Disrupts Teams, Exchange, and MFA

⚠️ Microsoft is addressing an ongoing outage that is preventing users from accessing Microsoft 365 services, including Teams, Exchange Online, and the Microsoft 365 admin center. The incident is being tracked on the Service Health Dashboard and Microsoft is publishing updates on its Service Health Status page. The outage is also affecting Microsoft Entra single sign-on and Multi-Factor Authentication, with some users unable to receive MFA prompts or authenticate.
read more →

Microsoft Enables Default Auto-Archiving in Exchange Online

📥 Microsoft is enabling threshold-based auto-archiving by default for Exchange Online, moving the oldest items to users' archive mailboxes when primary mailbox usage approaches 90%, provided an archive is provisioned and has available space. The Managed Folder Assistant will continuously monitor mailbox sizes and archive until usage drops below the threshold. Rollout begins this month for public clouds and is scheduled for government clouds in November; users can tag items with the Never Move to Archive flag to prevent them from being archived. The change complements recent Defender for Office 365 updates that detect email bombing attacks.
read more →

Disrupting Threats Targeting Microsoft Teams Environments

🛡️ Microsoft Threat Intelligence details how adversaries exploit Microsoft Teams collaboration capabilities—chat, calls, meetings, and screen sharing—at multiple stages of the attack chain. The post chronicles 2024–2025 campaigns and toolsets (phishing, malvertising, deepfakes, device code phishing, and red‑team tool reuse) that enable initial access, persistence, and exfiltration. It emphasizes layered defenses across identity, endpoints, apps, data, and network controls, and provides detection guidance, hunting queries, and product-specific recommendations to help defenders disrupt these operations.
read more →

Microsoft SFI Patterns and Practices: New Security Guides

🔐 Microsoft published a second installment of the Secure Future Initiative (SFI) patterns and practices, delivering six practical, practitioner-built guides that address network isolation, tenant hardening, Entra ID app security, Zero Trust for source code access, software supply chain protection, and centralized log collection. Each article outlines the problem, Microsoft’s internal solution, actionable customer guidance, and trade-offs to help teams apply scalable controls across complex, multi-cloud environments.
read more →