Security News
Microsoft is having a rough week with troubles including an Outlook.com bug that prevented some email users from searching their messages for several hours on Thursday, and a Teams flaw that allows people to send phishing emails and malware to other Teams users. While the Outlook.com bug borking users' email was certainly an annoying inconvenience, perhaps a bigger problem is the Teams weakness.
Microsoft is investigating an ongoing issue preventing Outlook.com users from searching their emails and triggering 401 exception errors. "Our initial review of Outlook.com server logs, in parallel with HTTP Archive format logs captured during an internal reproduction of impact, indicates 401 errors are occurring due to an exception when users attempt to perform the search," Microsoft says on the service health portal.
Microsoft is again pushing a Defender Antivirus update that fixes a known issue triggering Windows Security warnings that Local Security Authority Protection is off. Microsoft acknowledged this issue impacts Windows 11 21H2 and 22H2 systems after numerous user reports about "Local Security Authority protection is off. Your device may be vulnerable." warnings, although LSA Protection was already enabled.
A member of U.S. Navy's red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions for incoming files from users outside of a targeted organization, the so-called external tenants. The tool exploits a problem highlighted last month by Max Corbridge and Tom Ellson of UK-based security services company Jumpsec, who explained how an attacker could easily go around Microsoft Teams' file-sending restraints to deliver malware from an external account.
Microsoft has denied the claims of the so-called hacktivists "Anonymous Sudan" that they breached the company's servers and stole credentials for 30 million customer accounts.Yesterday, the hacktivists alleged that they had "Successfully hacked Microsoft" and "Accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords."
Microsoft's Edge browser has recently enhanced its 'Edge Secure Network' feature, which now offers 5GB of data, significantly increasing from the previously offered 1GB. The Edge Secure Network uses Cloudflare's routing to encrypt your internet connection and secure your data against online threats, such as hacking attempts.Importantly, Microsoft ensures the user's Microsoft account identity is not shared with the service provider during a Secure Network connection.
Microsoft offers different Word document security solutions. Microsoft Word offers several ways to secure a document so that other people can't view or edit it.
Microsoft announced today that an early preview of its AI-powered Windows Copilot personal assistant is rolling out to Insiders in the Windows 11 Dev Channel. "Once open, the Windows Copilot side bar stays consistent across your apps, programs and windows, always available to act as your personal assistant", said Panos Panay, Microsoft's head of Windows and Devices, in May. "It makes every user a power user, helping you take action, customize your settings and seamlessly connect across your favorite apps."
Microsoft has addressed a bug causing Windows Search and the Start Menu to become unresponsive and some Windows applications to no longer open. "The Start menu, Windows search, and Universal Windows Platform apps might not work as expected or might have issues opening," Microsoft says on the Windows health dashboard.
Microsoft has released Sysmon 15, converting it into a protected process and adding the new 'FileExecutableDetected' option to log when executable files are created. Users can find the complete list of directives in the Sysmon schema, which can be viewed by running the sysmon -s command at the command line.