Security News

Microsoft: Windows 11 22H2 reaches end of support in 60 days
2024-08-10 15:27

Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024. [...]

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
2024-08-10 05:35

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
2024-08-09 18:18

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution and local privilege escalation. CVE-2024-27459 - A stack overflow vulnerability leading to a Denial-of-service and LPE in Windows.

Microsoft discloses unpatched Office flaw that exposes NTLM hashes
2024-08-09 16:14

​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]

Microsoft discloses Office zero-day, still working on a patch
2024-08-09 16:14

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

Microsoft: Exchange 2016 reaches extended end of support in October
2024-08-08 20:45

​Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. [...]

Microsoft 365 anti-phishing alert “erased” with one simple trick
2024-08-08 12:47

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "Disappear". The alert can be made invisible by changing its background and text colors to white, through CSS style tags.

Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware
2024-08-08 01:58

Black Hat State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons. This piece of malware used Microsoft's Graph API to communicate with the attacker's command and control server, hosted on Microsoft OneDrive.

Microsoft 365 anti-phishing feature can be bypassed with CSS
2024-08-07 05:00

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` [...]

Microsoft punches back at Delta Air Lines and its legal threats
2024-08-07 01:50

Microsoft has labelled Delta Air Lines' accusations it's partly to blame for the outages caused by CrowdStrike's buggy software "False" and "Misleading" - and insulted the state of the carrier's IT infrastructure. Delta, which has hired a law firm and threatened to sue Microsoft and CrowdStrike over the July 19 meltdown, previously claimed recovering from the BSOD blitz cost it $500 million.