Security News

Microsoft is killing the Windows Paint 3D app after 8 years
2024-08-12 19:18

Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. [...]

Microsoft shares Outlook workaround for Gmail sign-in issues
2024-08-12 16:55

​​Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. [...]

Microsoft: Windows 11 22H2 reaches end of support in 60 days
2024-08-10 15:27

Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024. [...]

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
2024-08-10 05:35

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
2024-08-09 18:18

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution and local privilege escalation. CVE-2024-27459 - A stack overflow vulnerability leading to a Denial-of-service and LPE in Windows.

Microsoft discloses unpatched Office flaw that exposes NTLM hashes
2024-08-09 16:14

​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]

Microsoft discloses Office zero-day, still working on a patch
2024-08-09 16:14

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

Microsoft: Exchange 2016 reaches extended end of support in October
2024-08-08 20:45

​Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. [...]

Microsoft 365 anti-phishing alert “erased” with one simple trick
2024-08-08 12:47

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "Disappear". The alert can be made invisible by changing its background and text colors to white, through CSS style tags.

Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware
2024-08-08 01:58

Black Hat State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons. This piece of malware used Microsoft's Graph API to communicate with the attacker's command and control server, hosted on Microsoft OneDrive.