All news with #security misconfiguration tag

124 articles · page 4 of 7

Unsecured MongoDB Exposes 4.3 Billion Records Online

🔒 Cybernews reports researchers found an unsecured 16 TB MongoDB instance exposing roughly 4.3 billion personal and professional records. The dataset included names, emails, phone numbers, LinkedIn profile details, employment history, education, social accounts and profile images — data consistent with large-scale LinkedIn scraping. The operator secured the database two days after discovery on 25 November 2025, but ownership and the full exposure window remain unknown.

Microsoft warns MSMQ may fail after December update

⚠️ Microsoft warns a December security update (KB5071546) can cause MSMQ to become inactive in enterprise and clustered environments, disrupting applications that rely on queued messaging. Reported symptoms include IIS failures with resource errors, applications unable to write to queues, and misleading log entries about disk space. Microsoft says a workaround exists but directs admins to contact Support for Business; community responders have recommended temporarily granting write access to C:\Windows\System32\msmq or rolling back the update until an official fix is issued. Affected systems include Windows Server 2012/2012 R2/2016/2019 and several Windows 10 builds.

Microsoft advises admins to contact support over MSMQ bug

⚠ Microsoft has asked enterprise customers to contact support for guidance after a Message Queuing (MSMQ) change in recent December 2025 updates caused applications and IIS sites to fail. The bug, affecting Windows 10 22H2, Windows Server 2019, and 2016 systems with KB5071546/KB5071544/KB5071543 installed, alters NTFS permissions on C:\Windows\System32\MSMQ\storage, requiring write access and causing resource errors. Microsoft is investigating and advising businesses to seek tailored mitigations or consider rolling back updates.

SoundCloud VPN Access Blocked by 403 Error Outage Issue

🔒 Users accessing SoundCloud through many VPN services are currently blocked and receive a 403 'forbidden' server response. The problem has persisted for four days and was independently confirmed after multiple Reddit reports. SoundCloud's senior director of communications said configuration changes caused temporary connectivity issues and the company is working on a fix with no timeline given. Some VPN providers or server locations continue to work for certain users.

Recent Windows Updates Disrupt VPN Access for WSL Enterprise

🔧 Microsoft warns that recent Windows 11 updates, starting with the KB5067036 October 28, 2025 non-security update and including later releases such as KB5072033, can break VPN networking for enterprise users running WSL with mirrored mode enabled. Affected users report "No route to host" errors inside WSL because some third-party VPN virtual interfaces (for example OpenVPN and Cisco Secure Client) do not respond to ARP requests and so fail to resolve IP-to-MAC mappings. Microsoft is investigating the issue but has not provided a workaround or ETA for a fix.

Microsoft December Updates Break Message Queuing Functionality

⚠️ Microsoft has confirmed that its December 2025 security updates are breaking Message Queuing (MSMQ) on affected systems. Machines with KB5071546, KB5071544, or KB5071543 installed — including Windows 10 22H2, Windows Server 2019, and Windows Server 2016 — can experience inactive queues, IIS sites failing with 'insufficient resources', and applications unable to write to queues. Microsoft attributes the failures to security model and NTFS permission changes that require MSMQ users to have write access to C:\Windows\System32\MSMQ\storage; a timeline for a fix has not been provided.

Streamlit Exposures Reveal Scope of Shadow AI Risk

🔒 UpGuard's analysis found thousands of publicly accessible Streamlit applications exposing PII and confidential business data due to default public hosting and common misconfiguration. Using internet scans in October 2025, researchers identified nearly 15,000 IPs running Streamlit and more than ten thousand self-hosted apps reachable without authentication, while Community Cloud counts were substantially larger. The report warns that shadow AI—unsanctioned, persistent apps—can massively expand the attack surface and recommends inventory, access controls, authentication by default, and continuous monitoring.

Cloudflare outage on Dec 5, 2025 caused by WAF change

⚠️ On December 5, 2025 a configuration change to Cloudflare’s Web Application Firewall (WAF) triggered an error in a subset of proxies, causing HTTP 500 responses for affected customers. The change — increasing WAF request-body buffering to mitigate CVE-2025-55182 — was rolled out gradually, but a separate global configuration update disabled an internal tool and propagated immediately. That global change caused a Lua runtime nil lookup in the older FL1 proxy when a killswitch skipped an execute action in a ruleset; the change was reverted within 25 minutes and the incident was not caused by malicious activity.

Windows updates hide password icon on lock screen issue

🔒 Microsoft warned that updates to Windows 11 released since August may make the password sign‑in icon invisible on the lock screen for systems with multiple sign‑in options. The button remains functional — hovering over the blank space reveals the password control. The issue is tied to the non‑security preview KB5064081 and later releases on 24H2/25H2. Microsoft has provided no timeline for a fix and offers no workaround beyond the hover action.

Festo Compact Vision and Controller Products: Critical Flaws

⚠️ Festo has disclosed two critical vulnerabilities affecting multiple Compact Vision System, control block, controller, and operator unit products, with CVSS ratings up to 9.8. One issue stems from an insecure default that allows remote, unauthenticated access if passwords are not enabled; the other permits an authenticated attacker to read or modify configuration files. Festo and CERT@VDE recommend enabling password protection, using online user management where applicable, and minimizing network exposure of affected devices.

Windows 11 24H2 Bug Crashes Explorer and Start Menu

⚠️ Microsoft confirmed a Windows 11, version 24H2 bug in cumulative updates released since July 2025 that causes XAML dependency packages not to register in time, leading Explorer, StartMenuExperienceHost, ShellHost.exe and other shell components to crash or fail to initialize. Microsoft provided three PowerShell Add-AppxPackage commands as a temporary workaround and says a restart is required after running them. Organizations using non-persistent VDI should run a logon script to provision the packages before Explorer launches; a permanent fix is in development with no timeline.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

Why Enterprises Still Struggle with Cloud Misconfigurations

🔒 Enterprises continue to struggle with cloud misconfigurations that expose sensitive data, according to recent industry reporting and a Qualys study. The report cites a 28% breach rate tied to cloud or SaaS services over the past year and high misconfiguration rates across AWS (45%), GCP (63%) and Azure (70%). Experts blame permissive provider defaults, shadow IT and rapid business-driven deployments, and recommend controls such as MFA everywhere, private networking, encryption, least-privilege and infrastructure-as-code.

Microsoft to Remove Office Sandbox MDAG from Enterprise

🔒 Microsoft confirmed that Microsoft Defender Application Guard (MDAG) for Office will be removed from enterprise Office builds, with phased removal beginning in 2026 and final cut-offs through 2027. MDAG used Hyper‑V sandboxing to isolate malicious Office documents but incurred slower load times and carried sandbox escape risks. Microsoft advises enabling Attack Surface Reduction (ASR) rules and Windows Defender Application Control (WDAC), and reviewing any automation, workflows, or SIEM integrations that depended on MDAG’s isolation logs.

Louvre Heist Exposes Longstanding Security Failures

🏛 Thieves brazenly used a furniture elevator to access a second‑floor window and stole historic jewels worth about €88 million from display cases at the Louvre in October 2025. French authorities say the alarms on the affected window and cases functioned as intended, but the theft prompted a comprehensive security review and urgent recommendations for new governance, extra perimeter cameras, and updated protocols. Confidential audits cited by Libération document chronic IT weaknesses since 2014 — systems running Windows 2000 and weak password hygiene, including a video server reportedly protected by the password "LOUVRE".

Windows 10 update bug shows incorrect end-of-support alerts

⚠️ Microsoft says installing the October 2025 updates can cause some Windows 10 systems with active coverage to display an incorrect "Your version of Windows has reached the end of support" message in Windows Update settings. The cosmetic issue affects Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and Windows 10 22H2 devices enrolled in ESU. Microsoft has deployed a cloud configuration update to correct the message automatically, but devices that are offline or block dynamic updates may not receive it. Administrators can use Known Issue Rollback (KIR) by setting the KB5066791 251020_20401 value to Disabled to remove the alert on managed systems until a permanent fix ships in a future Windows update.

Louvre's Outdated Windows Systems Highlighted After Burglary

🏛 The Louvre has struggled for more than a decade with outdated software and unsupported Windows systems that control critical security infrastructure, French reports say. Audits in 2014 and 2017 found workstations running Windows 2000 and Windows XP, along with a video server still on Windows Server 2003 and weak, hard-coded passwords on surveillance applications. Procurement records also list multiple Thales systems as "software that cannot be updated." Authorities ordered governance and security reforms after a recent jewelry theft, though there is no indication the IT issues directly enabled that burglary.

Microsoft Disables Explorer Preview for Internet Files

🔒 Microsoft has updated File Explorer to disable the preview pane by default for files downloaded from the Internet or marked with the Mark of the Web. The change, included in Windows security updates released on and after October 14, 2025, is designed to block exploits that can leak NTLM hashes when previewed documents reference external resources. When preview is blocked, File Explorer shows a warning and users can manually unblock trusted files via Properties > Unblock or add the location to Trusted sites/Local intranet; a sign-out may be required for the change to take effect.

Microsoft October update disables USB input in WinRE

⚠ After installing the October 14, 2025 security update KB5066835, USB-wired mice and keyboards do not function in the Windows Recovery Environment (WinRE), Microsoft confirmed. The devices continue to operate normally inside the Windows OS, but WinRE navigation is blocked, affecting Windows 11 (24H2, 25H2) and Windows Server 2025. Microsoft is working on a fix expected in the coming days; meanwhile users can rely on Bluetooth peripherals or legacy PS/2 input devices as a workaround.

Audit Microsoft 365 for Hidden Malicious OAuth Applications

🔍 Matt Kiely of Huntress Labs urges Microsoft 365 administrators to audit OAuth applications across their tenants and provides a pragmatic starting tool, Cazadora. The research shows both abused legitimate apps (Traitorware) and bespoke malicious apps (Stealthware) can persist for years and that Azure’s default user-consent model enables these abuses. Operators should check Enterprise Applications and Application Registrations for suspicious names, anomalous reply URLs (notably a localhost loopback with port 7823), and other anomalous attributes, then take remediation steps.