Security News

For its part, Microsoft announced a five-step election protection strategy it'll roll out in the coming months "In the United States and other countries where critical elections will take place in 2024," Microsoft president Brad Smith and VP technology for fundamental rights Teresa Hutson said in a blog post. Microsoft's first initiative is the Content Credentials service, where Redmond will roll out digital watermarking metadata for images and videos as designed by the Coalition for Content Provenance and Authenticity, of which Microsoft is a member.

Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious push notifications triggered by attackers. In early May, Microsoft added the number matching feature for Microsoft Authenticator push notifications to boost account security and stymie attackers relying on multi-factor authentication fatigue.

Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application appears to have been present in the Microsoft Store since October 19 but the cryptocurrency theft started being reported just a couple of days ago.

It mandates privileged admin accounts to complete MFA when accessing Microsoft admin portals such as Azure, Microsoft 365 admin center, and Exchange admin center. Admins can choose to opt out of the policy despite the warning, but Microsoft said in the future it will place an increasing number of MFA requirements on specific interactions regardless.

In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. Outlook.com users impacted by this known issue are seeing "Error code 550 5.7.520 Message blocked" errors when trying to send emails.

Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts.

As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID to increase the use of multifactor authentication for enterprise accounts. Microsoft Entra Conditional Access policies are built with the current threat landscape in mind and with the objective to "Automatically protect tenants based on risk signals, licensing, and usage."

Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365,...

Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defenses. The long and short of it is that Microsoft is pushing the big AI button a few more times, more deeply embedding the tech throughout its security operations and products.

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. ZDI-23-1578 - A remote code execution flaw in the 'ChainedSerializationBinder' class, where user data isn't adequately validated, allowing attackers to deserialize untrusted data.