Security News

Microsoft on Friday released alternative mitigation measures for organizations that have not been able to immediately apply emergency out-of-band patches released earlier this week that address vulnerabilities being exploited to siphon e-mail data from corporate Microsoft Exchange servers. "These mitigations are not a remediation if your Exchange servers have already been compromised, nor are they full protection against attack," Microsoft warned in a blog post.

Microsoft has announced a new deployment service for drivers and firmware that will make it easier for IT admins to select the right drivers for devices on their enterprise network. Once the new service is available, admins will be able to choose the drivers to be offered via Windows Update in their environment out of a selection of matching options and schedule them for deployment.

At least 30,000 organizations across the United States - including a significant number of small businesses, towns, cities and local governments - have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control is enabled. Microsoft has added these warnings to all Exchange security updates released throughout the last few years.

CoreView announced a new add-on tool to get even deeper insight into Microsoft Teams. "The Teams Advanced add-on for CoreSuite collects and organizes all available Teams data and presents usage and quality insights. CoreView enables IT professionals to understand and optimize their organization's productivity through this massive change."

IOTech announced the launch and availability of Edge XRT, its time-critical edge platform for Microsoft Azure Sphere. Designed and optimized for resource-constrained environments, Edge XRT delivers out-of-the-box device connectivity and edge intelligence for microcontroller units, gateways and smart sensors at the IoT edge.

Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive warning of "active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were exploiting unknown software bugs in Exchange Server to steal sensitive data from select targets, marking the second time in four months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign threat actors.

Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack. Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor.

Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. The company now tracks the "sophisticated attacker" who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium.

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. EDITED TO ADD (3/12): Exchange Online is not affected.