Security News

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text that are being transferred over the wire," Guardicore's Amit Serper said in a technical report.

Microsoft has moved Windows 11 to the Windows Insider 'Release' channel in anticipation of its upcoming launch on October 5th. Until today, the Windows Insider Release channel has been offering users Windows 10 21H2, which is expected to be released next month. Starting today, Microsoft is now offering Windows 11 as an optional download within Windows Update for users with compatible hardware, as shown below.

Microsoft has opened the lid on a large-scale phishing-as-a-service operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report.

Surface Duo 2 is based on the original Surface Duo, but this new model pushes the boundaries of what a mobile device could be. With Surface Duo 2, Microsoft is introducing a new camera and gaming experience, and editing controls for creators.

A flaw in Microsoft's Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances. If the client doesn't receive any response from these URLs - which would happen if Exchange was improperly configured or was somehow prevented from accessing the designated resources - the Autodiscover protocol tries a "Back-off" algorithm that uses Autodiscover with a TLD as a hostname.

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.

Microsoft has released an updated PC Health Check tool that provides detailed information about whether a device's hardware is compatible with Windows 11. "Based on the feedback so far, we acknowledge that it was not fully prepared to share the level of detail or accuracy you expected from us on why a Windows 10 PC doesn't meet upgrade requirements," explained Microsoft in a blog post.

A recent AtlasVPN report highlights the companies that have amassed the most security vulnerabilities through the first half of 2021. In the first six months of 2021, Google and Microsoft have "Accumulated the most vulnerabilities," according to Atlas VPN findings based on a recent Telefonica Tech report.

One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal information and use it to their advantage. Whilst organizations have rushed to adopt cloud platforms, expertise in these platforms has lagged, often resulting in misconfiguration, and leading to many of the cases of data exposure that have been seen.

Microsoft is investigating several issues impacting Outlook customers and leading to problems related to security keys, search results, and more. "Adding a Gmail account to Outlook while using a security key for 2-step verification causes this error: This browser does not support security keys," Microsoft revealed on its list of recent issues in Outlook for PC. Redmond is also looking for a fix to address reports of search results for Outlook Suggested Searches being inaccurate, incomplete, or missing.