Security News

Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability. Tracked as CVE-2020-1472 and addressed on August 2020 Patch Tuesday, the critical vulnerability was identified in the Microsoft Windows Netlogon Remote Protocol and can be abused to compromise Active Directory domain controllers and gain admin access.

Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. "DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."

Contentsquare is now partnering with Microsoft Azure's cloud computing platform to accelerate its growth, drive peak performance and underpin successful innovation. Leveraging the Microsoft Azure cloud to accelerate growth.

Microsoft has resolved a known issue that caused the Windows 10 "Reset this PC" feature to fail in some cases, on both client and server platforms. The 'Reset this PC' feature allows Windows 10 customers to reinstall the operating system using either a local recovery image or the latest Windows 10 version available on Microsoft's servers.

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains.

Skype users are currently experiencing issues around the world, with users reporting that they are getting signed out of their Skype account automatically. When attempting to access Skype website, users are given "We're unable to complete your request" errors or other messages stating that the company is aware of the problem and are working on restoring access.

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it's not entirely clear how this is being exploited.

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 Exchange. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers seven different digital certificates based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast.

Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.

Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day. One of the latter - a zero-day RCE affecting Microsoft Defender antivirus - is being exploited in the wild, but Microsoft didn't reveal more about these attacks.