Security News

Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws. This month's Patch Tuesday fixes six actively exploited zero-day vulnerabilities, with one being publicly disclosed.

Microsoft is now promoting some of its products in the sign-out flyout menu that shows up when clicking the user icon in the Windows 11 start menu. Redmond has pushed ads within the user interface of Microsoft Office apps or other Windows apps before.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

At its Ignite 2022 event last month, Microsoft announced general availability of Azure Active Director certificate-based authentication, addressing a component the Biden Administration's executive order last year to strengthen the US's cybersecurity. Microsoft is now offering a public preview of Azure AD CBA on devices running Apple's iOS and Android that uses certificates on Yubico's YubiKey hardware security key.

Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity.

Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of programmers. GitHub Copilot, released in June 2022, is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio.

Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "Observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that organizations patch such exploits in a timely manner.

Attackers are abusing Microsoft Dynamics 365 Customer Voice to evade email filters and deliver phishing emails into Microsoft users' inboxes, Avanan researchers are warning.Microsoft Dynamics 365 is a suite of enterprise resource planning and customer relationship management applications.

Microsoft is rolling out a fix for a known issue affecting Outlook for Microsoft 365 users and preventing them from scheduling Teams meetings because the option is no longer available on the app's ribbon menu. The Teams Meeting add-in can be found in the Calendar view, and it helps Outlook users to create Teams meetings from Outlook.

Microsoft has significantly reduced latency for Windows and Mac users of the Teams desktop client in some critical scenarios when interacting with the application. Jeff Chen, a Microsoft Principal Group Program Manager for Microsoft Teams, said today that the app is now more than 30% faster when switching between chat and channel threads.