Security News

Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks. Microsoft hasn't disclosed any information regarding the two security flaws so far and is yet to assign a CVE ID to track them.

Microsoft has finally re-added a link to the Task Manager to the taskbar's contextual menu in the latest Windows 11 Insider preview build. "Based on your feedback, we've added a link to Task Manager when right-clicking on the taskbar," Microsoft's Amanda Langowski and Brandon LeBlanc said.

Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment. The list of open-source software weaponized by Lazarus state hackers to deploy the BLINDINGCAN backdoor includes PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer.

Microsoft next month will start phasing out Client Access Rules in Exchange Online - and will do away with this means for controlling access altogether within a year. CARs are being replaced with Continuous Access Evaluation for Azure Active Directory, which can apparently in "Near-real time" pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft's Exchange Team.

A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?". What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.

Microsoft announced today that it will retire Client Access Rules in Exchange Online within a year, by September 2023. CARs are sets of conditions, exceptions, actions, and priority values that allow Microsoft 365 admins to filter client access to Exchange Online based on many factors.

In the latest version of Windows 11, Microsoft is introducing a feature in its Microsoft Defender SmartScreen tool designed to keep passwords safer. The enhanced phishing protection automatically detects when a user types their password into an app or website and knows immediately whether the app or site has a secure connection to a trusted website.

Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.

As it rolled out a laundry list of features in the latest version of Windows 11, namely version 22H2, this month, Microsoft has also detailed some of the added security mechanisms. Included among the features is Kernel Mode Hardware Enforced Stack Protection, with Rick Munck, cloud security solution architect at Microsoft, stressing its dependency on hypervisor-protected code integrity.

The changes in the latest release of the security configuration baseline touch on a range of areas, including hardware - which Microsoft has increasingly emphasized in recent years - drivers and printers as well as protections against credential theft and account lookout. The feature is part of a larger push Microsoft has been making for several years to more tightly integrate hardware and software security capabilities.