Security News

Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities. While forty-five remote code execution bugs were fixed, Microsoft only rated twelve vulnerabilities as 'Critical,' all of which are RCE flaws.

Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed. With the July 2019 Patch Tuesday cumulative updates, Microsoft also disabled VBScript by default in Internet Explorer 11 on Windows 10.

In the wake of Google's announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. "These Domain Name Service email authentication records verify that you are the legitimate sender of your email and prevent spoofing and phishing attacks," Microsoft noted.

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google's recent announcement of stricter anti-spam rules for bulk senders. "By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com," the Microsoft Defender for Office 365 team said.

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity...

Microsoft finally removed the Cortana standalone app from Windows 11 in the latest preview build for Insiders in the Canary Channel. "Support for Cortana in Teams mobile, Microsoft Teams display, and Microsoft Teams Rooms will end in the fall of 2023. Voice assistance in Outlook mobile and Microsoft 365 mobile will also end in the fall of 2023," Microsoft said at the time.

Microsoft OneDrive for Business has been redesigned and has a new upgrade roadmap, which includes the Copilot natural language AI assistant, Microsoft announced on October 3. New layout and features are now visible in Microsoft OneDrive for Business.

A new, redesigned, and faster Microsoft Teams application is generally available for all Windows and macOS users starting today. As revealed when the new Teams was made available as a preview release in March, the new client will launch three times faster, enabling users to switch between chats and channels up to 1.7 times faster than the Classic Teams app.

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. The threat BYOD presents is compounded by the steep rise in overall ransomware incidents this year; Microsoft says human-operated ransomware attacks are up by more than 200 percent since September 2022.

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.