Security News

We're not quite sure what to call it right now, so we referred to it in the headline by the hybrid name Microsoft Office 365. The web-based versions of the Office tools don't have the same feature set as the full apps, so any results we might obtain are unlikely to align with how most business users of Office, ah, 365 have configured Word, Excel, Outlook and friends on their Windows laptops.

Microsoft has improved the Microsoft Edge efficiency mode feature in the latest stable release to increase battery life when the device is unplugged or on low battery. Efficiency mode is a cross-platform feature that works on Windows, macOS, and Linux, follows Battery Saver mode on Windows, turning on at 20% battery on macOS, and requires enabling on Linux devices since it's off by default.

WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted emails internally and externally, utilizes the Electronic Codebook implementation - a mode of operation known to leak certain structural information about messages.

Security researchers at WithSecure, previously F-Secure Business, found that it is possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365 due to the use of a weak block cipher mode of operation. Organizations use Office 365 Message Encryption to send or receive emails, both external and internal, to ensure confidentiality of the content from destination to source.

Microsoft has begun to kill off the Microsoft Office brand, with plans to rebrand its Office.com and Office cloud-based apps to Microsoft 365 in the near future. In 2020, Microsoft rebranded Office 365 to Microsoft 365 and started to heavily push the subscription-based productivity suite to both the enterprise and consumers.

Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide. Typically, Microsoft discloses new vulnerabilities twice a month, the bulk being the monthly Patch Tuesday and when Microsoft fixes vulnerabilities in Microsoft Edge.

Microsoft has added command-and-control traffic detection capabilities to its Microsoft Defender for Endpoint enterprise endpoint security platform.The C2 connections are detected by the Defender for Endpoint's Network Protection agent by mapping the outbound connection's IP address, port, hostname, and other values with data from Microsoft Cloud.

Microsoft is rolling out its usual host of cloud security features and services at this week's Ignite 2022 conference, with the focus on what's happening in and outside the firewall. Protecting against sensitive information being shared by teams is also a theme, according to the show briefing, although some of the newly-announced security features have been previewed with Redmond Microsoft 365 E5 license users.

Microsoft reminded customers that all editions of Windows 10, version 21H1, would reach the end of servicing on December 13, 2022. Microsoft said in an update to the Windows health dashboard that systems running Windows 10 21H1 will no longer receive security updates.

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs,...