Security News

You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks
2023-09-05 21:37

Qualys's method for ranking these security holes took into account several factors, we're told, including the number of attackers known to exploit the vulnerability. Finally, more mature exploit code and inclusion in the US government's CISA list of top-exploited vulnerabilities will also boost a bug's rank on Qualys' index.

Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process
2023-09-04 14:15

Microsoft has reminded users that TLS 1.0 and 1.1 will soon be disabled by default in Windows. SQL Server 2008 R2 finally dropped out of Extended Security Updates in July, although Microsoft has published instructions for adding TLS 1.2 support.

Microsoft reminds users Windows will disable insecure TLS soon
2023-09-03 14:20

Microsoft reminded users that insecure Transport Layer Security 1.0 and 1.1 protocols will be disabled soon in future Windows releases. The original TLS 1.0 specification and its TLS 1.1 successor have been used for nearly two decades, with TLS 1.0 initially introduced in 1999 and TLS 1.1 in 2006.

Microsoft is killing WordPad in Windows after 28 years
2023-09-01 21:47

Microsoft announced today that it will deprecate WordPad with a future Windows update as it's no longer under active development, though the company did not specify the precise timing of this change. "We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt."

Microsoft reminds of Windows 11 21H2 forced updates before end of service
2023-09-01 18:55

Microsoft has reminded customers that systems running Windows 11 21H2 will be force-updated before the end of servicing next month. Since Windows 11 21H2 devices will no longer receive security updates starting October 10, 2023, they will be updated to Windows 11 22H2 to continue receiving the latest updates, security updates, and improvements.

Microsoft retires Visual Studio for Mac, support ends in a year
2023-09-01 17:57

Microsoft has announced it is retiring Visual Studio for Mac and that support for the latest version, 17.6, will continue for another year, until August 31, 2024. NET Core, and the support for Android and iOS app writing through Xamarin made Visual Studio for Mac a versatile choice for developers.

Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
2023-09-01 15:41

Threat actors are exploiting poorly secured Microsoft SQL servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. "The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld."

Microsoft ain't happy with Russia-led UN cybercrime treaty
2023-08-30 18:23

A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime treaty only succeeds in justifying state surveillance - not stopping criminals, as originally intended. "The risk is that the treaty will not be a tool for prosecuting criminals but rather a weapon that allows for intrusive data access and surveillance instruments," she wrote in a LinkedIn post.

Microsoft adds HSTS support to Exchange Server 2016 and 2019
2023-08-29 16:19

Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security. Microsoft provides detailed information on configuring HSTS on Exchange Server 2016 and 2019 via PowerShell or the Internet Information Services Manager on its documentation website.

Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
2023-08-29 16:07

According to the report, attackers favor Microsoft because of the potential to move laterally through an organization's Microsoft environments. If 4.31% seems like a small figure, Abnormal Security CISO Mike Britton pointed out that it is still four times the impersonation volume of the second most-spoofed brand, PayPal, which was impersonated in 1.05% of the attacks Abnormal tracked.