Security News

Microsoft announced the launch of Microsoft Office Long Term Servicing Channel and Office 2021 later this year for clients who don't want to get an Office 365 cloud subscription service. These are the company's next perpetual and one-time purchase Office releases, respectively, both of them to get a five-year support lifecycle after Microsoft reduced Office LTSC and Windows 10 LTSC lifecycles from 10 to 5 years.

Microsoft is shortening the support lifecycle of Windows 10 Enterprise Long Term Servicing Channel releases from 10 years down to only five years. Microsoft advises users who want to keep their devices on the same Windows version for years to switch to Windows 10 IoT Enterprise LTSC releases, which will remain on the current 10-year support lifecycle.

Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company's internal systems or products to attack other victims. "We have now completed our internal investigation into the activity of the actor which confirms that we found no evidence of access to production services or customer data," the company said in a blog post on its Microsoft Security Response Center published Thursday.

Microsoft has completed its internal investigation about the Solorigate security incident, and has discovered that the attackers were very interested in the code of various Microsoft solutions. The attackers viewed some files here and there, but they also managed to download source code from a "Small number of repositories," and this includes the code for some important Microsoft Azure components.

Microsoft said on Thursday that it has completed its internal investigation into the activities conducted by the hackers that breached Texas-based IT management firm SolarWinds. The tech giant previously admitted that the hackers had managed to access some internal source code, but said they did not compromise or modify its software.

Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown. "There was no case where all repositories related to any single product or service was accessed," the update advises, adding: "There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search."

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an earlier update on December 31, 2020, that uncovered a compromise of its own network to view source code related to its products and services.

New details have emerged about an unpatched security vulnerability in Microsoft's Internet Explorer that was recently used in a complex campaign against security researchers. In early February, cybersecurity researchers at South Korean consultancy ENKI identified a zero-day exploit that it said was used in the researcher attack.

Microsoft announced today that the SolarWinds hackers gained access to source code for a limited number of Azure, Intune, and Exchange components. After internal investigations of their use of the SolarWinds platform, Microsoft announced in December that they were affected by the attack and that hackers could gain access to a limited amount of source code repositories.

Microsoft announced today that the SolarWinds hackers gained access to source code for a limited number of Azure, Intune, and Exchange components. After internal investigations of their use of the SolarWinds platform, Microsoft announced in December that they were affected by the attack and that hackers could gain access to a limited amount of source code repositories.