Security News

Dell won't include Microsoft's Pluton technology in most of its commercial PCs, telling The Register: "Pluton does not align with Dell's approach to hardware security and our most secure commercial PC requirements." Microsoft launched to much fanfare its Pluton security layer for PCs in 2020 after developing it with Intel, AMD, and Qualcomm.

Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: "Given what we've seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible."

Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update - only three of which are rated critical in severity. Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild.

Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown "Critical" ones and three "Important" ones that were already public. "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client," says Dustin Childs, with Trend Micro's Zero Day Initiative.

Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws. Microsoft has fixed 71 vulnerabilities with today's update, with three classified as Critical as they allow remote code execution.

Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. The Azure Automation service allows for process automation, configuration management, and handling operating system updates within a defined maintenance window across Azure and non-Azure environments.

Microsoft has addressed a vulnerability in the Azure Automation service that could have allowed attackers to take complete control over other Azure customers' data.Microsoft Azure Automation Service provides process automation, configuration management, and update management features, with each scheduled job running inside isolated sandboxes for each Azure customer.

Microsoft announced it will stop all new sales of services and products in Russia in response to Russia's "Unjustified, unprovoked and unlawful invasion" of Ukraine. "We are announcing today that we will suspend all new sales of Microsoft products and services in Russia," Microsoft President and Vice-Chair Brad Smith said.

Microsoft reminded enterprise customers this week that App Assure engineers are ready to help resolve any app compatibility issues encountered after upgrading to Windows 11. The Chief Product Officer for Windows and Devices, Panos Panay, added that customers are switching to the latest Windows version at twice the rate of Windows 10 adoption, and Windows 11 has "The highest quality scores and product satisfaction" of any version ever shipped.

Microsoft's attempt to put its homegrown Pluton security processor architecture into third-party Windows 11 PCs is right now more work-in-progress than the slam dunk its publicity would have you believe. Pluton is the software giant's move to define a level of security that should be baked into microprocessors that run its Windows OS. Pluton implementations are supposed to securely store and safeguard encryption keys, credentials, and other sensitive information, such as biometric data, within the processor package, making it difficult for miscreants to extract this info.