Security News

Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure. Strontium, linked to Russia's military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.

While there are some malicious drivers that are deliberately crafted to compromise PCs, the most problems come from a small number of legitimate drivers with accidental flaws in, said David Weston, VP of Enterprise and OS Security at Microsoft. "Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."

NET Framework versions signed using the insecure Secure Hash Algorithm 1 will reach their end of life this month. NET. "On April 26, 2022, the.NET Framework 4.5.2, 4.6, and 4.6.1 will reach end of support, and after this date, Microsoft will no longer provide updates including security fixes and technical support for these versions," Microsoft said in a Windows message center update.

Bug hunters that discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible submission, Microsoft has announced. The highest awards will go to those who discover vulnerabilities that have the highest potential impact to customer security.

Microsoft said that it's currently tracking a "Low volume of exploit attempts" targeting the critical Spring4Shell remote code execution vulnerability across its cloud services. The Spring4Shell vulnerability impacts the Spring Framework, described as the "Most widely used lightweight open-source framework for Java.".

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today. With the expansion of this bug bounty program, security researchers who find and report vulnerabilities affecting on-premises servers are eligible for awards ranging from $500 up to $26,000.

"In a future release of Windows 11 you're going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software," said David Weston, VP for Enterprise & OS Security. One of the new security features Microsoft is adding in Windows 11 is enhanced phishing protection against targeted phishing attacks with the help of Microsoft Defender SmartScreen, a cloud-based anti-phishing and anti-malware service.

Microsoft has unveiled new Windows 11 features at today's 'Windows Powers the Future of Hybrid Work' event, including a redesigned File Explorer, new accessibility features, Focus for Windows 11, and more. To help Windows users increase productivity, Microsoft has revealed new features and enhancements to Windows 11, including a revamped File Explorer, App Folder in the Start Menu, new Focus features, and the new Live Captions accessibility features.

It allows businesses to stream Windows 10 or Windows 11 Cloud PCs to end-users under Windows 365 Business or Windows 365 Enterprise subscriptions. Users will be able to quickly switch between their own desktop and the Cloud PC using the Windows Task Switcher once the cloud-based service gets upgraded with a new feature dubbed Windows 365 Switch.

Microsoft has resolved a newly acknowledged issue causing Windows apps that use WebView2 to render Internet content incorrectly outside their windows after installing the March optional preview cumulative updates. The WebView2 control allows developers to embed and render web content in native apps using the Microsoft Edge web browser, including JavaScript, HTML, and CSS. According to a new entry added to the Window Health dashboard, "Some apps might render content incorrectly or outside of the app's window" on systems where the March non-security preview releases have been installed.