< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 5 of 42

Microsoft attributes unexpected driver updates to caching error

🔧 Microsoft acknowledged and fixed an issue where a Windows Update caching misconfiguration caused some devices to install driver updates despite policies preventing auto-updates. The company said the caching service temporarily dropped device enrollment information, causing driver-approval controls to be bypassed. Microsoft updated the service cache and enrollment status, confirmed remediation, and is investigating root causes to prevent recurrence.
read more →

Microsoft 365 Android token-sharing vulnerability patched

🔒 A development flag left enabled in production builds of several Microsoft 365 Android apps bypassed the check that limits account-token sharing to trusted Microsoft apps. Any app on the same device could request the signed‑in user's FOCI token and access email, files, calendar, and messages without a password or prompt. Microsoft has released updates for affected apps; users and administrators should update or push fixes immediately.
read more →

One-click GitHub.dev attack exposes OAuth tokens

🔒 Security researchers disclosed a one-click attack targeting GitHub.dev in the browser-hosted VS Code environment that can steal a user's GitHub OAuth token. The exploit abuses message passing between the main VS Code window and untrusted webviews to simulate keypresses, open the Command Palette, and install malicious extensions. By leveraging local workspace extensions and configurable keybindings, attackers can bypass trust prompts and extract tokens with access to private repositories. Microsoft has acknowledged the issue and is working on a fix; the vulnerability does not affect VS Code Desktop.
read more →

Microsoft unveils containment for agentic AI security

🔒 Microsoft announced new controls to contain agentic AI workloads, including the Microsoft Execution Container (MXC) runtime and enhancements to the multi-agent vulnerability research system MDASH. MXC is a policy-driven sandbox for specifying and enforcing access to files, networks, credentials, and resources at runtime across Windows, Linux, and macOS. The company also highlighted Agent 365 SDK, Windows 365 for Agents, and two open-source standards—ASSERT and Agent Control Specifications—to govern agent behavior across platforms.
read more →

Microsoft brings Linux coreutils natively to Windows

🐧 Microsoft unveiled Coreutils for Windows at Build 2026, delivering many familiar Linux command-line utilities as native Windows applications. Based on the open-source uutils project (a Rust rewrite of GNU coreutils), the release aims to let developers use the same commands across Linux, macOS, Windows, and WSL without changing workflows. The package is available on GitHub and via WinGet as a single coreutils.exe binary that exposes individual command names through NTFS hardlinks. Microsoft notes some command conflicts, POSIX limitations, and behavioral differences on Windows.
read more →

AI-built ransomware toolkit automates EDR evasion

🛡️ A threat actor used an AI-assisted ransomware toolkit to automate Active Directory discovery and iterate EDR evasion techniques. Researchers found Cursor and Claude Opus agents used for coding, analysis, testing, and checking public research for bypass methods, with some malware tested against Sophos, CrowdStrike, and Microsoft EDR products. Sophos determined the workflow was human-directed, while AI accelerated development, producing numerous payload modules and mapping techniques to MITRE ATT&CK.
read more →

Building an Agentic Enterprise System for AI

🧭 Microsoft outlines a shift from isolated AI tools to a unified, enterprise-grade agent platform that runs real work. The post emphasizes a single integrated system spanning Azure, GitHub, Microsoft IQ, Foundry, Agent 365, and Microsoft 365 to build, contextualize, run, govern, and improve agents. It stresses secure-by-design governance, model choice, continuous improvement through feedback and tuning, and production-grade runtimes. The approach centers developers and enterprise context to make agents trustworthy and scalable.
read more →

Microsoft Discovery GA and App Preview for R&D

🧭 Microsoft announces the general availability of Microsoft Discovery, a platform for building and governing agentic AI workflows tailored to scientific and engineering R&D. The release includes a preview of the Microsoft Discovery app, a local desktop experience for researchers and small teams to explore hypotheses, literature, and iterative experimentation. The platform emphasizes evidence preservation, traceability, governance, and integration with existing tools and institutional data to support repeatable, transparent scientific workflows.
read more →

Microsoft Build 2026: Securing Code, Agents, Models

🔒 At Microsoft Build 2026, Microsoft announced new security capabilities to integrate protection across the development lifecycle, addressing insecure code, agent proliferation, and model risk. The expanded preview of the multi-model agentic scanning harness (codename MDASH) integrates with Microsoft Defender to orchestrate hundreds of AI agents for exploit discovery. New tools such as Agent 365, MXC SDK, and Purview enhancements provide runtime controls, data protection, and governance to help developers and security teams act earlier and with consistent oversight.
read more →

Microsoft Exchange Online outage delays emails

📧 Microsoft is addressing a widespread service issue impacting the mail flow pipeline for Exchange Online customers in North America and Germany. Users reported SMTP deferral errors and abrupt connection closures, causing significant delays or failures when sending and receiving email. Engineers are investigating incident EX1331830 to identify root causes and restore normal service.
read more →

Microsoft Build 2026: Agentic Apps with Fabric

🧭 Microsoft highlights how AI-driven agentic workflows demand a shared data context. Microsoft Fabric is presented as a unified data and AI platform that enables developers and agents to build production-ready apps by providing consistent organizational context. New announcements include the open-source Rayfin SDK/CLI for rapid backend deployment and Azure HorizonDB (PostgreSQL-compatible) in public preview, optimized for AI workloads.
read more →

Azure Cobalt 200 VMs Boost Arm AI Workload Performance

🚀 Microsoft announced early access preview of Azure Cobalt 200 Arm-based VMs at Build 2026, delivering up to 50% generational performance improvements over Cobalt 100 for agentic AI and cloud-native Linux workloads. The Cobalt 200 SoC, built on Arm Neoverse V3 and TSMC 3nm, features chiplets, custom accelerators, and enhanced memory and security capabilities. New VM families (including high-memory and dense local storage) expand deployment choices and are available in selected preview regions.
read more →

Managing models, cost, and quality in Foundry

🛠️ Microsoft Foundry presents a unified platform to select, evaluate, optimize, and operate AI models across the full application lifecycle. The post emphasizes that production systems require continuous model selection, validation on real data, cost and latency management, and governance rather than simply picking the most capable model. Foundry adds new model families and Fireworks AI for production-grade open model inference via a single Azure endpoint with enterprise SLAs. It provides model routing, benchmarking with custom datasets, continuous evaluation, and operational controls like versioning, observability, and rollout strategies.
read more →

Foundry IQ: Unified knowledge and serverless retrieval

🔎 Foundry IQ streamlines bringing enterprise and external knowledge into agent workflows by unifying content, improving ingestion, and offering a serverless model for retrieval. The service provides a Model Context Protocol (MCP) server, integrates Microsoft Web IQ for low-latency external context, and includes GA security and compliance features. Serverless Developer tier is in public preview with CU-based billing estimates and scale-to-zero capacity.
read more →

Microsoft threatens researcher after Windows exploits

🔒 An anonymous researcher known as “Nightmare Eclipse” has published several significant exploits targeting Microsoft Windows, including a vulnerability that defeats BitLocker. Microsoft has responded with threats of legal action, prompting public debate and recriminations between the company and security community. The situation has raised concerns about disclosure practices, researcher protections, and the balance between security research and corporate legal responses.
read more →

AI-assisted toolkit used to evade EDR defenses

🔍 Sophos X-Ops uncovered a lab where a threat actor used AI coding tools to develop and test malware aimed at evading EDR products. The files and Git repository showed Python scripts—many partially AI-generated—used to build and iterate evasion modules against vendors including Sophos, CrowdStrike and Microsoft. Humans retained control of the workflow, using AI to accelerate building, testing and refinement while operating inside an AI-native environment.
read more →

Microsoft investigates Office and Teams file access outage

📂 Microsoft is investigating an ongoing incident that prevents some users from opening files in Office for the web and Microsoft Teams. Impacted apps include Excel and PowerPoint for the web, with affected users seeing an error stating "Office Online services aren't available right now." The company is analyzing service telemetry and has identified a potential cross-service issue while it works toward remediation.
read more →

Critical Windows Netlogon RCE Flaw Now Exploited

🔒 The Centre for Cybersecurity Belgium (CCB) warned that threat actors are exploiting a recently patched critical Windows Netlogon vulnerability (CVE-2026-41089). Microsoft patched the stack-based buffer overflow during May 2026 Patch Tuesday, which can allow unauthenticated remote code execution on domain controllers. The CCB urged administrators to apply updates immediately, noting a CVSS score of 9.8, while Microsoft has not yet confirmed active exploitation.
read more →

Microsoft resolves outage impacting MFA setup access

🔧 Microsoft confirmed and mitigated an incident that prevented some users from setting up multi-factor authentication and accessing the My Sign-Ins site, where affected users encountered 504 Gateway Timeout errors. The company failed over to alternate infrastructure and monitored telemetry while evaluating further mitigations. Microsoft later restored the service, attributing the outage to a cache configuration change that caused high CPU and memory load during an EU traffic peak.
read more →

Microsoft fixes Windows 11 KB5089549 install failures

🔧 Microsoft has fixed a known issue that caused installation failures and 0x800f0922 errors for the May 2026 Windows 11 security update (KB5089549). The failures were triggered by insufficient free space on the EFI System Partition (ESP), causing updates to rollback during reboot at roughly 35–36% completion. The fix is included in the May 26, 2026 preview cumulative update (KB5089573) and will be made available broadly in the June Patch Tuesday updates, with mitigation options for enterprises via Known Issue Rollback or Group Policy.
read more →