Security News
Four different Microsoft Azure services have been found vulnerable to server-side request forgery attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft.
Microsoft released advanced hunting queries and a PowerShell script to find and recover some of the Windows application shortcuts deleted Friday morning by a buggy Microsoft Defender ASR rule. Early on the morning of January 13th, Microsoft released a new Microsoft Defender signature update that included a change to the Attack Surface Reduction rule known as "Block Win32 API calls from Office macro" in Configuration Manager and "Win32 imports from Office macro code" in Intune.
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps. The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction rule was triggered erroneously.
Techies are reporting that Microsoft Defender for Endpoint attack surface reduction rules have gone haywire and are removing icons and application shortcuts from the Taskbar and Start Menu. "The ASR rule is removing icons on the taskbar and Start Menu and in some cases uninstalling Microsoft Office as well."
Microsoft has messed up a zero trust upgrade its service provider partners have been asked to implement for customers. The software giant has long given its partners delegated admin privileges that allow them to administer customers' services or subscriptions on their behalf.
Microsoft is testing a new diagnostic tool in Windows 11 that lets you create live kernel memory dumps without disrupting the operation of Windows. A live kernel dump is a snapshot of the kernel's memory at the time of the dump, which is then saved to a file.
Microsoft warned customers today that Exchange Server 2013 will reach its extended end-of-support date 90 days from now, on April 11, 2023. Exchange Server 2013 was released in January 2013 and reached its mainstream end-of-support date more than four years ago, in April 2018.
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery vulnerability also exploited in Play ransomware attacks. Cloud computing provider Rackspace recently confirmed that Play ransomware used a zero-day exploit dubbed OWASSRF targeting this bug to compromise unpatched Microsoft Exchange servers on its network after bypassing ProxyNotShell URL rewrite mitigations.
Anti-analysis techniques are deployed by malware to evade analysis or to render file analysis much more complex and difficult for researchers and malware sandboxes.
File enumeration is a critical operation for ransomware operators.
Glaringly obvious at the very top of the list are the names in the Product column of the first nine entries, dealing with an elevation-of-privilege patch denoted CVE-2013-21773 for Windows 7, Windows 8.1, and Windows RT 8.1. Windows 8.1, which is remembered more as a sort-of "Bug-fix" release for the unlamented and long-dropped Windows 8 than as a real Windows version in its own right, never really caught on.