Security News

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. ZDI-23-1578 - A remote code execution flaw in the 'ChainedSerializationBinder' class, where user data isn't adequately validated, allowing attackers to deserialize untrusted data.

Nearly 22 years after Bill Gates announced a concerted Microsoft-wide push to deliver Trustworthy Computing, the company is launching the Secure Future Initiative, to boost the overall security of Microsoft's products and its customers and users. "In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," says Brad Smith, Vice Chair and President of Microsoft.

Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats. "In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," said Microsoft President Brad Smith.

Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant. "Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows," Microsoft explains.

Microsoft released Windows 11 23H2, the Windows 11 2023 Update, today, and you can now download an ISO image for the new version to put aside for emergencies or clean installs. Windows 11 23H2 was expected to be a feature-rich update, but all of the expected features were already released as part of a recent Windows 11 22H2 'Moment 4' update.

Windows 11 23H2 started rolling out in September to Insiders enrolled in the Release Preview Channel for enterprise testing, and it has the same servicing branch and code base as Windows 11 22H2. "As Windows 11, version 23H2 shares the same code base and servicing branch as Windows 11, version 22H2, we will deliver this feature update using servicing technology, providing a fast installation experience," said John Cable, Microsoft VP for Windows Servicing and Delivery.Windows 11 23H2 was expected to ship with numerous new features, but Microsoft decided to instead release them as part of the Windows 11 22H2 'Moment 4' update.

Over its journey from Windows 9x to Windows 11, Microsoft has implemented multiple security overhauls, each addressing the challenges of its time and setting the stage for future developments. In this Help Net Security interview, we feature security researcher Alex Ionescu, the co-author of Windows Internals, one of the founding employees of CrowdStrike, now running his consulting company, Winsider Seminars & Solutions, where he continues to do security research focusing on platform security.

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns at a wide variety of industries. A new report from Microsoft Incident Response and Microsoft Threat Intelligence teams exposed the activities and constant evolution of a financially oriented threat actor named Octo Tempest, who deploys advanced social engineering techniques to target companies, steal data and run ransomware campaigns.

Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong ' sign-in errors and making desktop applications unusable for many customers. The login issues affect those using Excel, Word, Outlook, and PowerPoint for Microsoft 365, Microsoft 365 Apps for business, and Office apps for iOS and Android.

The "Unique" native English-speaking group is tracked by Microsoft as Octo Tempest and in the space of a year has demonstrated a consistent and rapid evolution to become one of the most well-equipped cybercrime groups in existence. After initially exploring ransomware as part of its toolset, Octo Tempest originally conducted attacks without dropping an encryption payload, sticking with the data extortion tactics it had adopted starting in late 2022.