Security News

End users can find more information on the next steps after macros are blocked in a downloaded Office document on the A potentially dangerous macro has been blocked support page. IT admins can find dedicated documentation on the Macros from the Internet will be blocked by default in Office page.

LinkedIn and Microsoft are the most impersonated brands in phishing attacks. LinkedIn and Microsoft took top spots as the most exploited brands in phishing attacks last quarter, Check Point Research reported on Tuesday.

Admins were also told that they could find more information regarding these ongoing problems in the admin center under EX401976 and OL401977. While Redmond did not reveal the scale of the issue, thousands of reports have been submitted in the past 24 hours on DownDetector by Outlook and Exchange Online users who have either been unable or experienced difficulties when trying to log in or email.

Complaints over Microsoft's latest patch Tuesday have intensified after some Windows 11 users found their systems worse for wear following installation. The July 12 patch, KB5015814, was a relatively straightforward one that dealt with a number of what Microsoft delicately termed "Security issues" in its summary.

Microsoft is investigating user reports that MS Access runtime applications stop opening after installing this month's Patch Tuesday Office/Access security updates. According to customers' complaints on Microsoft's official community website and Reddit, July's cumulative updates trigger this issue for MS Access 2016 and MS Access 2013 are KB5002112 and KB5002121, respectively.

"An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up. While Apple's App Sandbox is designed to tightly regulate a third-party app's access to system resources and user data, the vulnerability makes it possible to bypass these restrictions and compromise the machine.

For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries.Researchers at Microsoft Threat Intelligence Center are tracking the Holy Ghost ransomware gang as DEV-0530.

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication. The intrusions entailed setting up adversary-in-the-middle phishing sites, wherein the adversary deploys a proxy server between a potential victim and the targeted website so that recipients of a phishing email are redirected to lookalike landing pages designed to capture credentials and MFA information.

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.