Security News

Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update - only three of which are rated critical in severity. Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild.

Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown "Critical" ones and three "Important" ones that were already public. "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client," says Dustin Childs, with Trend Micro's Zero Day Initiative.

Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws. Microsoft has fixed 71 vulnerabilities with today's update, with three classified as Critical as they allow remote code execution.

Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. The Azure Automation service allows for process automation, configuration management, and handling operating system updates within a defined maintenance window across Azure and non-Azure environments.

Microsoft has addressed a vulnerability in the Azure Automation service that could have allowed attackers to take complete control over other Azure customers' data.Microsoft Azure Automation Service provides process automation, configuration management, and update management features, with each scheduled job running inside isolated sandboxes for each Azure customer.

Microsoft announced it will stop all new sales of services and products in Russia in response to Russia's "Unjustified, unprovoked and unlawful invasion" of Ukraine. "We are announcing today that we will suspend all new sales of Microsoft products and services in Russia," Microsoft President and Vice-Chair Brad Smith said.

Microsoft reminded enterprise customers this week that App Assure engineers are ready to help resolve any app compatibility issues encountered after upgrading to Windows 11. The Chief Product Officer for Windows and Devices, Panos Panay, added that customers are switching to the latest Windows version at twice the rate of Windows 10 adoption, and Windows 11 has "The highest quality scores and product satisfaction" of any version ever shipped.

Microsoft's attempt to put its homegrown Pluton security processor architecture into third-party Windows 11 PCs is right now more work-in-progress than the slam dunk its publicity would have you believe. Pluton is the software giant's move to define a level of security that should be baked into microprocessors that run its Windows OS. Pluton implementations are supposed to securely store and safeguard encryption keys, credentials, and other sensitive information, such as biometric data, within the processor package, making it difficult for miscreants to extract this info.

Microsoft says its new endpoint security solution for small and medium-sized businesses known as Microsoft Defender for Business has hit general availability. It has started rolling out to new and existing Microsoft 365 Business Premium customers worldwide starting today, March 1st. Microsoft Defender for Business helps companies with up to 300 employees defend against cybersecurity threats, including malware, phishing, and ransomware in environments with Windows, macOS, iOS, and Android devices.

Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center, noting that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery.