Security News

Microsoft announced today that it added device isolation support to Microsoft Defender for Endpoint on onboarded Linux devices. Enterprise admins can manually isolate Linux machines enrolled as part of a public preview using the Microsoft 365 Defender portal or via API requests.

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads."Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post.

Microsoft is urging organizations to protect their Exchange servers from cyberattacks by keeping them updated and hardened, since online criminals are still going after valuable data in the email system. Enterprises need to make sure to install the latest Cumulative Updates and Security Updates on the Exchange servers - and occasionally on Exchange Management Tools workstations - and to run manual tasks like enabling Extended Protection and certificate signing of PowerShell serialization payloads, according to the vendor's Exchange Team.

Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network. Redmond said at the time that the outage resulted from DNS and WAN networking configuration issues caused by a WAN update and that users across all regions serviced by the impacted infrastructure were having problems accessing the affected Microsoft 365 services.

KQL is an interesting hybrid of scripting and query tools, so it's familiar to anyone who's used Python for data science or SQL for working with databases. It's designed to work against tables of data, with the ability to create variables and constants that can help control the flow of a set of KQL statements.

Microsoft has addressed a known issue causing the Remote Desktop app to freeze on Windows 11 systems after installing the Windows 11 2022 Update. "After installing Windows 11, version 22H2, the Windows Remote Desktop application might stop responding when connecting via a Remote Desktop gateway or Remote Desktop Connection Broker," Redmond explains on the Windows health dashboard entry published in November.

Microsoft has started the forced rollout of Windows 11 22H2 to systems running Windows 11 21H2 that are approaching their end-of-support date on October 10, 2023. The automated feature update rollout phase comes after Windows 11 22H2 has also become available for broad deployment today to users with eligible devices via Windows Update.

Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update to have them always ready to deploy an emergency security update. "To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU and the latest SU," The Exchange Team said.

IoT hardware is at the heart of much modern operational technology, the systems that support businesses, the systems that mix modern IoT hardware with legacy control and data collection devices. So how can we protect our devices, networks and businesses, especially when we already have a large estate of deployed hardware? Microsoft's Defender for IoT is one option, adding network sensors and firmware analysis tools to help spot compromised and at-risk hardware and working in conjunction with Microsoft Sentinel to use machine learning to identify threats early.

Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center and patched by Microsoft last year, according to Akamai's researchers. The bug isn't a remote code execution flaw; it's a vulnerability that allows someone to pretend to be another to an application or operating system, in the context of identity and certificate cryptography checks on Windows.