Security News

Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.

A threat group known as Vice Society has been switching ransomware payloads in attacks targeting the education sector across the United States and worldwide. As Microsoft Security Threat Intelligence analysts shared in a report published today, Vice Society has been swapping between BlackCat, QuantumLocker, Zeppelin, and a Vice Society-branded variant of Zeppelin ransomware.

Microsoft has fixed a known issue blocking the Windows 11 2022 Update from being offered on systems with printers using Universal Print Class or Microsoft IPP Class drivers because of compatibility issues. In late September, Redmond added a compatibility hold to block Windows 11 22H2 on affected systems because some installed printers might only allow customers to use the default settings with features like color, 2-sided printing, or higher resolutions.

Microsoft is developing a Windows system optimization program called 'PC Manager' that combines existing Windows tools into one interface. If you are a Windows user, you have likely run into various Windows system cleaners or system optimization programs that promise to increase the speed of your computer by deleting unnecessary files and Registry keys.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.In a revelation this week, Microsoft's Security Response Center said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.

Microsoft says the latest Windows 11 preview build improves update management for IT administrators and fixes several issues leading to app crashes. The focus of this build's update improvements is to help admins make system restarts after Windows updates are installed more predictable.

Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed.

Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model tailored to small and midsize businesses.Unlike the enterprise offering, DDoS IP Protection does not have support for DDoS rapid response support, cost protection, and discounts on WAF. "With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses," Microsoft Senior Product Manager for Azure Networking Amir Dahan said.

Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.Service Fabric is a platform for business-critical applications that hosts over 1 million apps and powers many Microsoft products, including but not limited to Microsoft Intune, Dynamics 365, Skype for Business, Cortana, Microsoft Power BI, and multiple core Azure services.