Security News
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. "An authenticated attacker can bypass Server-Side Request Forgery protection in Microsoft Copilot Studio to leak sensitive information over a network," Microsoft said in an advisory released on August 6, 2024.
Microsoft has launched a new unified Teams application that allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps. [...]
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft apps for macOS. The flaws - CVE-2024-41138, CVE-2024-41145, CVE-2024-41159, CVE-2024-42004, CVE-2024-41165, CVE-2024-43106, CVE-2024-39804 and CVE-2024-42220 - have been found in Microsoft Teams, OneNote, Outlook, Word, Excel and Powerpoint for macOS. They allow attackers to inject specially crafted libraries so they can assume the vulnerable apps' entitlements and the permissions they've been granted by users.
Cisco Talos says eight vulnerabilities in Microsoft's macOS apps could be abused by nefarious types to record video and sound from a user's device, access sensitive data, log user input, and escalate privileges. For users familiar with macOS, it's what's responsible for requesting your permission to run new apps, and displays prompts when those apps want to access sensitive stores such as contacts, photos, webcams, etc.
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked...
Microsoft has shared a workaround for a known issue affecting Microsoft 365 customers and causing classic Outlook to crash after opening or when starting up in Safe mode. [...]
Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants until October 15 to ensure users don't lose access to admin portals. [...]
Microsoft is improving Copilot integration in the Edge browser with AI-powered smart keywords. This will allow the AI to generate important keywords from the PDF and then help you analyze each topic. [...]
Microsoft removed today an arbitrary 32GB size limit for FAT32 partitions in the latest Windows 11 Canary build, now allowing for a maximum size of 2TB. [...]
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. [...]