Security News
Microsoft is working on a fix for ongoing sign-in issues affecting some Outlook for Microsoft 365 customers and preventing them from accessing their accounts. While Microsoft says that the Outlook Team is working on a solution for this known issue, an official workaround is available for those who want to access their accounts until a fix rolls out.
Microsoft says Windows domain join processes may fail with "0xaac" errors after applying this month's security updates. The issue stems from hardening changes introduced when addressing CVE-2022-38042, an elevation of privilege vulnerability in Active Directory Domain Services that would allow attackers to gain domain administrator privileges.
Microsoft is investigating a known issue causing OneDrive and OneDrive for Business crashes on Windows 10 systems where customers have installed updates released earlier this month. "After installing KB5018410 or later updates, OneDrive might unexpectedly close," the company explained in a Windows health dashboard update.
The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.
Microsoft says a threat group tracked as DEV-0950 used Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm. "Beginning on September 19, 2022, Microsoft identified Raspberry Robin worm infections deploying IcedID and, later at other victims, Bumblebee and TrueBot payloads," Microsoft Security Threat Intelligence analysts said.
Microsoft appears to have woken up and realized it may have left certain Windows Server and Windows 10 systems exposed to exploitable drivers for years. This month it emerged the list of vulnerable drivers HVCI was supposed to be blocking was wildly out of date on machines running certain pre-Windows 11 operating systems, such as some Windows 10 and Windows Server builds.
Windows 10 and Server systems unprotected since 2019: Microsoft appears to have finally fixed a driver issue that left some Windows Server and 10 systems exposed to vulnerable drivers.…
Microsoft has addressed a known issue that triggers SSL/TLS handshake failures on client and server platforms with the release of the KB5018496 preview cumulative update. [...]
Microsoft warns that a newly acknowledged issue can lead to data loss when resetting virtual disks using the Server Manager management console. [...]
Microsoft says it addressed an issue preventing its vulnerable driver blocklist from being synced to systems running older Windows versions. This blocklist is designed to block threat actors from dropping legitimate but vulnerable drivers on targets' systems in Bring Your Own Vulnerable Driver attacks on HVCI-enabled Windows machines or those running Windows in S Mode.