Security News

Microsoft fixes bug letting hackers take over Azure containers
2021-09-09 15:08

Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.An adversary exploiting Azurescape could execute commands in the other users' containers and gain access to all their data deployed to the platform, the researchers say.

Microsoft fixes flaw that could leak data between users of Azure container services
2021-09-09 02:56

Microsoft today revealed it fixed a vulnerability in its Azure Container Instances services that could have been exploited by a malicious user "To access other customers' information." Azure Container Instances is a serverless container environment.

Microsoft warns of attacks targeting Office documents
2021-09-08 15:40

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents. Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
2021-09-08 12:24

Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote control execution vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents. Microsoft has not revealed much about the MSHTML bug, tracked as CVE-2021-40444, beyond that it is "Aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," according to an advisory released Tuesday.

Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft
2021-09-07 22:20

In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing victims to open or view it, potentially achieving remote code execution.

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
2021-09-07 21:55

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said.

Microsoft shares temp fix for ongoing Office 365 zero-day attacks
2021-09-07 19:36

Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. Microsoft is aware of targeted attacks that try to exploit the vulnerability by sending specially-crafted Microsoft Office documents to potential victims, the company says in an advisory today.

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack
2021-09-06 03:12

Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "High confidence" to a threat actor operating out of China. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit.

Microsoft breaks Windows 11 Start Menu, Taskbar with Teams promo
2021-09-03 18:20

Microsoft accidentally broke the Start menu and taskbar on systems of Windows Insiders after pushing a Teams promo to the desktops of users running Windows 11 preview builds. While the company didn't explain the reason behind Dev and Beta Channel Insiders experiencing Start menu and taskbar unresponsive and having issues accessing other OS areas, including Settings, developer Daniel Aleksandersen discovered that a buggy promo deployment caused the problem.

Microsoft releases Windows 11 feature update for enterprise testing
2021-09-03 13:03

Microsoft has released Windows 11 and Windows 10, version 21H2 feature updates for enterprise testing before their general release later this year. "Organizations enrolled in the Windows Insider Program for Business can access these builds through all standard channels, including Windows Update, Windows Server Update Services, Azure Marketplace, and the Windows Insider Program ISO download page," Microsoft said.