Security News

Microsoft has announced today the general availability of Microsoft Defender for Individuals, the company's new security solution for personal phones and computers. This new cross-device security solution is available for all Microsoft 365 customers with Personal or Family subscriptions starting today.

Microsoft has announced today the general availability of Microsoft Defender for Individuals, the company's new security solution for personal phones and computers. Defender for Individuals also provides safety alerts and recommendations, including real-time warnings about device security changes and suggestions on keeping data and devices secure.

Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. A ransomware attack targeting files on these services could have severe consequences if backups aren't available, rendering important data inaccessible to owners and working groups.

Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The high-severity issue, tracked as CVE-2022-29972 and disclosed early last month, could have allowed an attacker to perform remote command execution and gain access to another Azure client's cloud environment.

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Tracked as CVE-2022-30190, the zero-day bug relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool when it's invoked using the "Ms-msdt:" URI protocol scheme from an application such as Word.

Microsoft confirmed today that a future Windows update will permanently disable the Internet Explorer web browser on users' systems."Users will still see the Internet Explorer icon on their devices but if they click to open Internet Explorer, Microsoft Edge will open instead with easy access to IE mode," said the General Manager for Microsoft Edge Enterprise Sean Lyndersay today.

Microsoft has opened its wallet once more to pick up New York-based cyber-threat analyst Miburo. The team is to be folded into Microsoft's Customer Security and Trust organization and the work of its analysts is to be fed into the Windows giants' threat detection and analysis capabilities.

Microsoft says that some applications might fail to backup data using Volume Shadow Copy Service after applying the June 2022 Patch Tuesday Windows updates."After you install the June 14, 2022 or a later Windows update, operations related to shadow copies on an Application Server running VSS aware Server Applications that store data on remote SMB 3.0 or later file shares may fail for SMB shares hosted on a File Server," Microsoft explains.

Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Criminals and snoops can abuse the remote code execution bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware.

June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina, the Microsoft Windows Support Diagnostic Tool RCE that is being widely exploited by attackers. "The update for is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action," the company noted.