Security News

Microsoft said that it's currently tracking a "Low volume of exploit attempts" targeting the critical Spring4Shell remote code execution vulnerability across its cloud services. The Spring4Shell vulnerability impacts the Spring Framework, described as the "Most widely used lightweight open-source framework for Java.".

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today. With the expansion of this bug bounty program, security researchers who find and report vulnerabilities affecting on-premises servers are eligible for awards ranging from $500 up to $26,000.

"In a future release of Windows 11 you're going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software," said David Weston, VP for Enterprise & OS Security. One of the new security features Microsoft is adding in Windows 11 is enhanced phishing protection against targeted phishing attacks with the help of Microsoft Defender SmartScreen, a cloud-based anti-phishing and anti-malware service.

Microsoft has unveiled new Windows 11 features at today's 'Windows Powers the Future of Hybrid Work' event, including a redesigned File Explorer, new accessibility features, Focus for Windows 11, and more. To help Windows users increase productivity, Microsoft has revealed new features and enhancements to Windows 11, including a revamped File Explorer, App Folder in the Start Menu, new Focus features, and the new Live Captions accessibility features.

It allows businesses to stream Windows 10 or Windows 11 Cloud PCs to end-users under Windows 365 Business or Windows 365 Enterprise subscriptions. Users will be able to quickly switch between their own desktop and the Cloud PC using the Windows Task Switcher once the cloud-based service gets upgraded with a new feature dubbed Windows 365 Switch.

Microsoft has resolved a newly acknowledged issue causing Windows apps that use WebView2 to render Internet content incorrectly outside their windows after installing the March optional preview cumulative updates. The WebView2 control allows developers to embed and render web content in native apps using the Microsoft Edge web browser, including JavaScript, HTML, and CSS. According to a new entry added to the Window Health dashboard, "Some apps might render content incorrectly or outside of the app's window" on systems where the March non-security preview releases have been installed.

Microsoft has removed a compatibility hold blocking Windows 11 upgrades for Windows 10 customers after fixing a known issue leading to problems importing Internet Explorer 11 data into Microsoft Edge. The only customers impacted by the now-fixed known issue were those who didn't import their IE11 information into Microsoft Edge before starting the Windows 11 upgrade process.

Microsoft now allows enterprise admins to re-enable the MSIX ms-appinstaller protocol handler disabled after Emotet abused it to deliver malicious Windows App Installer packages. App Installer allows users to install Windows applications directly from a web server using an MSIX package or App Installer file without first downloading the installers to their computer.

Microsoft has added a new safeguard hold blocking Windows 11 upgrades for Windows 10 customers who don't import their Internet Explorer 11 data into Microsoft Edge before trying to install the newest Windows version. "After upgrading to Windows 11, saved information and data from Internet Explorer 11 might not be accessible if you did not accept to import it into Microsoft Edge before the upgrade," Microsoft explained in the Windows health dashboard.

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.