Security News

Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed.

Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model tailored to small and midsize businesses.Unlike the enterprise offering, DDoS IP Protection does not have support for DDoS rapid response support, cost protection, and discounts on WAF. "With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses," Microsoft Senior Product Manager for Azure Networking Amir Dahan said.

Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.Service Fabric is a platform for business-critical applications that hosts over 1 million apps and powers many Microsoft products, including but not limited to Microsoft Intune, Dynamics 365, Skype for Business, Cortana, Microsoft Power BI, and multiple core Azure services.

Orca Security disclosed the bug, and older versions remain vulnerable A proof-of-concept exploit has been published detailing a spoofing vulnerability in Microsoft Azure Service Fabric. The flaw...

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Microsoft has released the long-awaited Windows 11 tabbed File Explorer, Suggested Actions, Taskbar Overflow features, and Task Manager quick-access features in a new preview cumulative update. Last month, Microsoft released Windows 11 22H2 with various new features.

Microsoft has issued an out-of-band non-security update to address an issue triggering SSL/TLS handshake failures on client and server platforms. "We address an issue that might affect some types of Secure Sockets Layer and Transport Layer Security connections. These connections might have handshake failures," Microsoft explains.

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. Office 365 Message Encryption is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves.

Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization." Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.

Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks. "This activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks. The Prestige ransomware had not been observed by Microsoft prior to this deployment," MSTIC added.