All news with #microsoft tag

Wed, November 26, 2025

Hardening Microsoft Exchange SE for 2026 and Beyond

🔒 The article by Stan Kaminsky summarizes practical hardening steps for on-premises Microsoft Exchange, emphasizing that Exchange Server Subscription Edition (Exchange SE) will be the only supported on-premises option in 2026 following the end of support for Exchange Server 2019. It outlines common attacker techniques — from password spraying and web shells to mail-flow rule abuse — and highlights immediate actions like migrating to Exchange SE or obtaining Extended Security Updates, applying regular Cumulative Updates, and enabling the Emergency Mitigation service. Recommendations also cover baseline configuration, EDR/EPP deployment, modern authentication, Kerberos adoption, TLS and HSTS, administrative access controls, PowerShell stream signing and protections for forged mail headers.

Wed, November 26, 2025

Microsoft: FIDO2 Security Keys May Require PIN on Windows

🔒 Microsoft warned that FIDO2 security keys may prompt users to create or enter a PIN after Windows updates beginning with the September 29, 2025 KB5065789 preview. This behavior affects devices running Windows 11 24H2 or 25H2 when a Relying Party or identity provider requests User Verification set to preferred. Microsoft says the change is intentional to align with the WebAuthn specification, which requires PIN setup when authenticators support user verification. Organizations that want to avoid PIN prompts can set user verification to discouraged in their WebAuthn settings.

Wed, November 26, 2025

Microsoft hardens Entra ID sign-ins against script injection

🔒 Microsoft will strengthen the Entra ID browser sign-in experience starting mid-to-late October 2026 by enforcing a stricter Content Security Policy that permits scripts only from Microsoft-trusted CDN domains and approved inline sources. The change applies to sign-ins at login.microsoftonline.com; Microsoft Entra External ID is not affected. Administrators should test sign-in flows, remove code-injecting extensions and review developer-console violations to identify and address dependencies before the rollout.

Wed, November 26, 2025

Gemini 3 Reframes Enterprise Perimeter and Protection

🚧 Gemini 3’s release on 18 November 2025 signals a structural shift: beyond headline performance gains, it accelerates embedding large multimodal assistants directly into enterprise workflows and infrastructure. That continuation of a trend already visible with Microsoft Copilot effectively makes AI assistants a new enterprise perimeter — changing where corporate data, identities, and controls must be enforced. Security, compliance, and IT teams need to update policies, telemetry, and incident response to this expanded boundary.

Wed, November 26, 2025

HashJack: Indirect Prompt Injection Targets AI Browsers

⚠️ Security researchers at Cato Networks disclosed HashJack, a novel indirect prompt-injection vulnerability that abuses URL fragments (the text after '#') to deliver hidden instructions to AI browsers. Because fragments never leave the client, servers and network defenses cannot see them, allowing attackers to weaponize legitimate websites without altering visible content. Affected agents included Comet, Copilot for Edge and Gemini for Chrome, with some vendors already rolling out fixes.

Tue, November 25, 2025

Human and AI Collaboration in the GenAI-Powered SOC

🛡️ Microsoft Defender Experts outlines how autonomous AI agents are transforming Security Operations Centers by automating repetitive triage and amplifying analyst impact. Built with expert-defined guardrails, curated test sets, and human-in-the-loop validation, these agents already process about 75% of phishing and malware cases and help resolve incidents nearly 72% faster. The program emphasizes human governance, auditability, and iterative rollout through dark-mode evaluation and pilot partnerships.

Tue, November 25, 2025

Exchange Online outage prevents classic Outlook access

⚠️ Microsoft is investigating an Exchange Online outage (incident EX1189820) preventing customers from accessing mailboxes via the classic Outlook desktop client, with reports of server connection and login failures. The company says impact is specific to users in Asia Pacific and North America and has classified the event as an incident in the admin center. As a workaround, affected users are advised to use Outlook on the Web while Microsoft analyzes the issue.

Tue, November 25, 2025

Microsoft adds Teams call handler to speed Windows client

⚡ Microsoft will introduce a new Teams call handler, ms-teams_modulehost.exe, that runs as a child process to manage the calling stack separately from the main ms-teams.exe application, improving startup times and in-meeting performance. The change is transparent to end users and requires no retraining. Administrators should allowlist the new process in security and endpoint protection systems and notify helpdesk staff to avoid false positives during the rollout.

Mon, November 24, 2025

Claude Opus 4.5 Brings Agentic AI to Microsoft Foundry

🚀 Claude Opus 4.5 is now available in public preview in Microsoft Foundry, aiming to shift models from assistants to agentic collaborators that execute multi-tool workflows and support complex engineering tasks. Anthropic and Microsoft highlight Opus 4.5’s strengthened coding, vision, and reasoning capabilities alongside improved safety and prompt-injection robustness. Foundry adds developer features like Programmatic Tool Calling, Tool Search, Effort Parameter (Beta), and Compaction Control to help teams build deterministic, long-running agents while keeping centralized governance and observability.

Mon, November 24, 2025

Microsoft Tests File Explorer Preloading for Speed

⚡ Microsoft is testing an optional background preload for File Explorer on Windows 11 to reduce launch times and improve responsiveness. When enabled, the app loads automatically with no visible UI change; users can disable it by unchecking "Enable window preloading for faster launch times" in File Explorer's Folder Options under the View tab. The feature is rolling out to Windows Insiders on 25H2 in the Dev and Beta channels with preview build 26220.7271 (KB5070307). Microsoft also reorganized File Explorer's context menu into grouped flyouts to reduce clutter and has requested feedback via the Feedback Hub.

Mon, November 24, 2025

Fortinet, Chrome 0-days and Supply-Chain Attacks Recap

⚠️ This week’s recap spotlights multiple actively exploited vulnerabilities, supply‑chain compromises, and a record cloud DDoS that forced rapid vendor responses. Fortinet disclosed a FortiWeb OS command injection (CVE-2025-58034) that was observed chained with a recent critical fix, raising concerns about silent patching and disclosure timing. Google patched an actively exploited Chrome V8 0‑day (CVE-2025-13223), and attackers continued to abuse browser notifications, malicious updates, and SaaS integrations to phish and persist. The incidents underscore urgent priorities: patch quickly, scrutinize integrations, and strengthen monitoring and response.

Mon, November 24, 2025

Microsoft to Remove WINS Support After Windows Server 2025

⚠️ Microsoft announced that WINS support will be removed from Windows Server releases after Windows Server 2025, with standard support for that final LTSC build continuing through November 2034. The legacy NetBIOS name registration and resolution service was deprecated in Windows Server 2022. Microsoft said WINS components, management snap-ins and automation APIs will be removed, and urged administrators to audit dependencies and migrate to DNS-based solutions to avoid disruptions.

Mon, November 24, 2025

Windows 11 24H2 Bug Crashes Explorer and Start Menu

⚠️ Microsoft confirmed a Windows 11, version 24H2 bug in cumulative updates released since July 2025 that causes XAML dependency packages not to register in time, leading Explorer, StartMenuExperienceHost, ShellHost.exe and other shell components to crash or fail to initialize. Microsoft provided three PowerShell Add-AppxPackage commands as a temporary workaround and says a restart is required after running them. Organizations using non-persistent VDI should run a logon script to provision the packages before Explorer launches; a permanent fix is in development with no timeline.

Mon, November 24, 2025

ShadowPad Delivered via WSUS Exploits CVE-2025-59287

🛡️ A recently patched WSUS deserialization flaw, CVE-2025-59287, has been weaponized to install the ShadowPad backdoor on Windows servers. AhnLab's ASEC reports attackers used PowerCat to spawn a CMD shell and then leveraged certutil and curl to retrieve payloads from 149.28.78.189:42306. ShadowPad was deployed via DLL side-loading of ETDApix.dll by ETDCtrlHelper.exe and runs as an in-memory loader with plugin support, anti-detection, and persistence.

Sat, November 22, 2025

China-linked APT31 Targets Russian IT with Stealth

🛡️ Positive Technologies links a prolonged 2024–2025 intrusion campaign in the Russian IT sector to China-linked APT31, reporting extended dwell times and stealthy command-and-control. The group relied on legitimate cloud platforms — notably Yandex Cloud and Microsoft OneDrive — and concealed encrypted payloads in social media profiles to blend with normal traffic. Observed techniques include spear-phishing RAR attachments containing LNK loaders that deploy the Cobalt Strike-based CloudyLoader, DLL side-loading, scheduled tasks that mimic legitimate apps, and a broad mix of public and custom tools to harvest credentials and exfiltrate data.

Fri, November 21, 2025

Nvidia issues hotfix driver for Windows October update

🔧 Nvidia released the GeForce Hotfix Display Driver 581.94 to address gaming performance regressions reported after the October 2025 Windows update (KB5066835 [5561605]) affecting Windows 11 24H2 and 25H2 systems. The company notes this is a beta hotfix with an abbreviated QA cycle and is provided as-is to deliver targeted fixes more quickly. The driver is available from Nvidia Customer Care for Windows 10 x64 and Windows 11 x64 PCs.

Fri, November 21, 2025

Microsoft fixes Windows 11 hotpatch reinstall loop

🔁 Microsoft released the KB5072753 out-of-band cumulative update to resolve a known issue that caused the November 2025 hotpatch KB5068966 to repeatedly reinstall on Windows 11, version 25H2 systems. The update is rolling out via Windows Update and supersedes earlier hotpatches, so administrators should deploy KB5072753 instead of KB5068966 if they have not yet applied the November update. Microsoft said the reinstall behavior did not affect system functionality and was mainly noticeable in update-history timestamps.

Fri, November 21, 2025

Microsoft Named Leader in Gartner Access Management

🔒 Microsoft has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Access Management for the ninth consecutive year. The post highlights Microsoft Entra as a unified IAM and CIAM solution that consolidates controls, telemetry, and administration while integrating generative AI in the Entra admin center to streamline workflows and threat response. Microsoft calls out rising threats—nation-state actors and organized cybercrime using generative AI—and stresses that multifactor authentication and agent identity controls are essential to protect both human and non-human identities.

Fri, November 21, 2025

Amazon RDS for SQL Server Adds Resource Governor Support

🔧 Amazon RDS for SQL Server now supports resource governor, enabling customers to manage CPU, memory, and I/O allocation across workloads on Enterprise Edition instances. RDS exposes stored procedures for configuring resource pools, workload groups, and classifier functions so administrators can isolate resource‑intensive queries and maintain predictable performance. This feature is available in all AWS Regions where RDS for SQL Server is offered.

Thu, November 20, 2025

Turn Windows 11 Migration into a Security Opportunity

🔒 Organizations should treat the Windows 11 migration as a strategic security opportunity rather than a routine OS update. While some users resist moving from Windows 10 or explore alternatives like Linux or legacy releases, those choices can introduce operational headaches and security gaps, especially as Microsoft phases out support. Use the transition to validate backups, recovery objectives, and patch posture to reduce exposure to unpatched vulnerabilities that increasingly target MSPs and their clients.
