Security News

Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out support for TLS 1.0/1.1 because of the risk of protocol downgrade attacks and other TLS vulnerabilities outside Microsoft's control. TLS downgrade attacks aim to turn strong, more recent versions of TLS into weaker, earlier versions of the protocol to facilitate further exploitation.

Microsoft has begun testing promotions for some of its other products in the File Explorer app on devices running its latest Windows 11 Insider build. The new Windows 11 "Feature" was discovered by a Windows user and Insider MVP who shared a screenshot of an advertisement notification displayed above the listing of folders and files to the File Explorer, the Windows default file manager.

Microsoft has removed the last Windows 11 safeguard hold after Oracle addressed a known VirtualBox issue causing errors and virtual machine start failures when Hyper-V or the Windows Hypervisor were installed. Safeguard holds prevent users from upgrading to Windows 11 to protect their systems against potential upgrade issues, in this case, software instability caused by compatibility issues between Windows and VirtualBox.

Microsoft has confirmed a new known issue causing Microsoft Intune enrollment problems on some Android devices after upgrading from Android 11 to Android 12. "Currently, this includes some OPPO, OnePlus, and Realme devices enrolled as Android Enterprise personally-owned work profile," the Intune Support Team explained.

It's worth pointing out that Microsoft separately addressed 21 flaws in the Chromium-based Microsoft Edge browser earlier this month. All the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions, Microsoft Exchange Server, and VP9 Video Extensions.

Microsoft has announced that the company's new cloud-based Microsoft Defender security solution has entered preview for home customers in the United States. While Microsoft paints a pretty picture of Microsoft Defender Preview's capabilities, in reality, the application is in its very early stages.

Dell won't include Microsoft's Pluton technology in most of its commercial PCs, telling The Register: "Pluton does not align with Dell's approach to hardware security and our most secure commercial PC requirements." Microsoft launched to much fanfare its Pluton security layer for PCs in 2020 after developing it with Intel, AMD, and Qualcomm.

Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: "Given what we've seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible."

Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update - only three of which are rated critical in severity. Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild.

Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown "Critical" ones and three "Important" ones that were already public. "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client," says Dustin Childs, with Trend Micro's Zero Day Initiative.