Security News

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks."

"The Microsoft Pluton is a security processor, pioneered in Xbox and Azure Sphere, designed to store sensitive data, like encryption keys, securely within the Pluton hardware, which is integrated into the die of a device's CPU and is therefore more difficult for attackers to access, even if they have physical possession of a device," explained David Weston, Director of Enterprise and OS Security at Microsoft. In November 2020, Microsoft announced it would integrate its Pluton security processor into Intel, AMD, and Qualcomm CPUs as an on-die chip to reduce the available attack surface on Windows PCs. First introduced with the Xbox One and Azure Sphere, Pluton emulates a Trusted Platform Module to protect the boot process, encryption keys, and credentials directly on the CPU with the end goal of blocking threat actors from gaining access to such sensitive data.

New Skype users report frustration after being presented with a captcha that requires them to solve a complex puzzle ten times before signing up for the service. Tests by BleepingComputer confirmed the problematic captcha is required when signing up for a Microsoft account via Skype, even after verifying your email address.

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. The Windows maker said the issue impacted on-premises versions of Exchange Server 2016 and Exchange Server 2019 but didn't specify how widespread the impact was.

Microsoft has released an emergency fix for a year 2022 bug that is breaking email delivery on on-premise Microsoft Exchange servers. These errors are caused by Microsoft Exchange checking the version of the FIP-FS antivirus scanning engine and attempting to store the date in a signed int32 variable.

Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine. Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email.

Microsoft Defender for Endpoint is currently showing "Sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes. The alerts are reportedly mainly shown on Windows Server 2016 systems and warn of "Possible sensor tampering in memory was detected by Microsoft Defender for Endpoint" created by an OpenHandleCollector.

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker," SophosLabs researchers Andrew Brandt and Stephen Ormandy said in a new report published Tuesday.

Microsoft has confirmed a new issue impacting devices running Windows 11, version 21H2, where apps using Win32 APIs to render colors on some high dynamic range displays may not work as expected. HDR displays come with a notably increased range of color because they support a wider color gamut, resulting in more vivid colors than standard dynamic range ones, as well as more precise colors due to added support for more color shades.