Security News

Microsoft says some Samsung Galaxy devices will be marked as non-compliant with the organization's security requirements in Microsoft Intune's management interface after automatic restarts or after installing managed updates. Microsoft Intune is a cloud service that allows admins to manage Windows, macOS, iOS/iPadOS, and Android applications and devices in their enterprise environment.

Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans. While HTML smuggling is not a new technique, Microsoft is seeing it increasingly used by threat actors to evade detection, including the Nobelium hacking group behind the SolarWinds attacks.

Microsoft has started rolling out Windows 11's new Microsoft Store to Windows 10, allowing users a greater option of apps for users to install. With Windows 11, Microsoft introduced a redesigned Microsoft Store with a modern design and a more open ecosystem.

Microsoft says users might experience authentication issues on Domain Controllers running Windows Server. These authentication issues impact systems running Windows Server 2019 and lower versions with certain Kerberos delegation scenarios.

During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. The most critical of the flaws are CVE-2021-42321 and CVE-2021-42292, each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively.

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. The most critical of the flaws are CVE-2021-42321 and CVE-2021-42292, each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively.

Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. Still, as always, this Patch Tuesday delivers high-priority fixes, the most urgent of which being the duo that are under attack.

As the US season of giving thanks and turkey carnage approaches, let us reflect upon Microsoft's November Patch Tuesday, which has bestowed 55 CVEs and the promise of continued employment for the IT admins who have to clean up the recurring mess of software. "Historically speaking, 55 patches in November is a relatively low number," mused Zero-Day Initiative's Dustin Childs in a review of the bundle.

Microsoft has reminded users today that all editions of Windows 10, version 2004 and Windows Server, version 2004, will reach end of servicing on December 14, 2021. Customers still using end of service software are advised to upgrade to the latest version of Windows 10 or to Windows 11 as soon as possible to keep their systems secure and bug-free.