Security News
Microsoft has resolved a known issue causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop. The bug is known to impact Outlook users trying to save an attachment to a network share, according to a support document published by Redmond when the bug was first acknowledged in July.
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "Shift in the persistent actor's tactics."
Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. After picking their targets following initial contact on LinkedIn, the BlueNoroff hackers backdoor their systems by deploying malware hidden in malicious documents pushed via private messages on various social networks.
SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware. The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."
Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, allowing administrators more time to upgrade or migrate to Azure. [...]
Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine blue screens and boot failures on VMware ESXi hosts. "Affected VMs will receive an error with a blue screen and Stop code : PNP DETECTED FATAL ERROR," Microsoft said in an update to the Windows release health dashboard.
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. [...]
Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares, starting with today's Canary Channel Insider Preview Build 25992. Before this change and since Windows XP SP2, creating SMB shares set up firewall rules automatically within the "File and Printer Sharing" group for the specified firewall profiles.
Microsoft announced a five-step election protection strategy that it will roll out in the coming months "In the United States and other countries where critical elections will take place in 2024," Microsoft president Brad Smith and VP technology for fundamental rights Teresa Hutson said in a blog post. Microsoft's first initiative is the Content Credentials service, where Redmond will roll out digital watermarking metadata for images and videos as designed by the Coalition for Content Provenance and Authenticity, of which Microsoft is a member.
Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious push notifications triggered by attackers. In early May, Microsoft added the number matching feature for Microsoft Authenticator push notifications to boost account security and stymie attackers relying on multi-factor authentication fatigue.