Security News

One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs. According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.

Microsoft has released two out-of-band security updates designed to address remote code execution bugs found to affect the Microsoft Windows Codecs Library and Visual Studio Code. Microsoft patched two similar RCE bugs in June, leading to user confusion because of the ways the security updates were being delivered - via the Microsoft Store instead of the normal Windows Update channel.

Microsoft announced today that Azure Defender for IoT, its agentless security solution for networked IoT and Operational Technology devices, has entered public preview. Azure Defender for IoT is an IoT/OT device threat protection solution that integrates with Microsoft's Azure Sentinel and third-party solutions to provide continuous threat monitoring and vulnerability management.

Over the years, Microsoft has extended DLP to more of Office, covering Exchange, SharePoint, Teams, OneDrive for Business and Office apps like Word, PowerPoint, Excel and Outlook, as well as third-party applications that incorporate the MIP SDK. Now it's integrated into Windows 10 and the new Edge browser, without needing an additional agent. You use the new Microsoft 365 compliance center to start managing devices - although you can onboard devices using Group Policy, Microsoft Endpoint Configuration Manager, MDM or a local script.

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution flaws in Windows TCP/IP stack and Microsoft Outlook. Another critical RCE vulnerability in Windows Hyper-V exists due to improper validation of input from an authenticated user on a guest operating system.

Microsoft says that customers can now disable JScript execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. "Blocking Jscript helps protect against malicious actors targeting the JScript scripting engine while maintaining user productivity as core services continue to function as usual," Microsoft explains.

Microsoft is continuing its push to move all Windows 10 configuration options into their modern Settings feature. This year, Microsoft has been making a push to migrate all of the Windows 10 settings into the Settings app.

The new configuration file pushed on Sept. 22 told all systems infected with Trickbot that their new malware control server had the address 127.0.0.1, which is a "Localhost" address that is not reachable over the public Internet, according to an analysis by cyber intelligence firm Intel 471. U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity.

NET Core is crawling closer to its November launch with. NET Core, Microsoft is calling the upcoming release plain.

Saviynt announced new and expanded integration with Microsoft Azure Active Directory to provide additional advanced governance scenarios for enterprise customers. The new integration with Azure AD brings additional identity governance capabilities for Microsoft 365 and Azure IaaS using the Saviynt Cloud PAM solution.