Security News
Microsoft wants to take the decision of which multi-factor authentication method to use out of the users' hands and into its own. The software maker this week is rolling out what it calls system-preferred authentication for MFA, which will present individuals signing in with the most secure method and then alternatives if that method is unavailable.
Microsoft has pulled a recent Microsoft Defender update that was supposed to fix a known issue triggering persistent restart alerts and Windows Security warnings that Local Security Authority Protection is off. Microsoft acknowledged the issue on March 21, after widespread user reports regarding Windows 11 systems warning that LSA protection was off.
Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. According to Check Point, whose analysts discovered the malicious extensions and reported them to Microsoft, the malware enabled the threat actors to steal credentials and system information and to establish a remote shell on the victim's machine.
Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections.
Microsoft is investigating major speed issues affecting L2TP/IPsec VPN connections after recent Windows 11 updates are installed. Based on reports seen by BleepingComputer since the updates have been available, both updates are triggering the L2TP/IPsec VPN speed issues after deployment.
Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit: For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug and a Secure Boot bypass flaw exploited by attackers in the wild.
MSI's firmware, Intel Boot Guard private keys leaked: The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company's private code signing keys on their dark web site.
If a miscreant carefully crafted a mail with that sound path set to a remote SMB server, when Outlook fetched and processed the message, and automatically followed the path to the file server, it would hand over the user's Net-NTLMv2 hash in an attempt to log in. The patch from a couple of months ago made Outlook use the Windows function MapUrlToZone to inspect where a notification sound path was really pointing, and if it was out to the internet, it would be ignored and the default sound would play.
Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service tool called Greatness, created to phish Microsoft 365 users. The Greatness PaaS: Greatness is a PaaS tool/service specifically designed to compromise Microsoft 365 credentials.
Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild. "All Windows versions are affected by the vulnerability. As a result, all Outlook client versions on Windows are exploitable," Barnea explained.
Although you'll get the patch if you perform a full Patch Tuesday download and let the update complete. The full patch involves updating Microsoft's bootup code in your hard disk's startup partition, and then telling your motherboard not to trust the old, insecure bootup code any more.