Security News

Thankfully, there are complimentary Microsoft 365 security training modules. Improve your cloud security posture with Microsoft Defender for Cloud.

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or...

Patch Tuesday Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild. CVE-2023-36563 is an information disclosure bug in Microsoft WordPad that can be exploited to steal NTLM hashes.

Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments. The issue also only impacts environments where drive encryption is enforced for OS and fixed drives.

The Exchange Team asked admins to deploy a new and "Better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August. Tracked as CVE-2023-21709 and patched during August 2023 Patch Tuesday, the security flaw enables unauthenticated attackers to escalate privileges on unpatched Exchange servers in low-complexity attacks that don't require user interaction.

On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities. CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could allow attackers to grab NTLM hashes.

Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities. While forty-five remote code execution bugs were fixed, Microsoft only rated twelve vulnerabilities as 'Critical,' all of which are RCE flaws.

Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed. With the July 2019 Patch Tuesday cumulative updates, Microsoft also disabled VBScript by default in Internet Explorer 11 on Windows 10.

In the wake of Google's announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. "These Domain Name Service email authentication records verify that you are the legitimate sender of your email and prevent spoofing and phishing attacks," Microsoft noted.

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google's recent announcement of stricter anti-spam rules for bulk senders. "By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com," the Microsoft Defender for Office 365 team said.