Security News

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw and a Windows SmartScreen security feature bypass.

"The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client," Microsoft explained. While Microsoft doesn't provide any details about what kind of nefarious deeds attackers are doing after exploiting the bug - or how widespread attacks are - Zero Day Initiative's Dustin Childs advises: "Definitely test and deploy this fix quickly."

Microsoft has patched an Outlook zero-day vulnerability exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. Microsoft shared this info in a private threat analytics report seen by BleepingComputer and available to customers with Microsoft 365 Defender, Microsoft Defender for Business, or Microsoft Defender for Endpoint Plan 2 subscriptions.

It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors. "CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google's Threat Analysis Group. Redmond has patched the Windows-Office vulnerability, tracked as CVE-2023-24880, today in its monthly Patch Tuesday event.

Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red...

Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. This month's Patch Tuesday fixes two zero-day vulnerabilities actively exploited in attacks.

An open source adversary-in-the-middle phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. DEV-1101, per the tech giant, is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign.

Microsoft will soon fast-track multi-factor authentication adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. The company says in a new Microsoft 365 roadmap entry that users will be able to complete MFA requests for Microsoft 365 apps directly in the Outlook app via a new feature dubbed Authenticator Lite.

Microsoft has finally addressed a known issue causing significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. The fix comes after Microsoft's Ned Pyle explained in October that "There is a performance reduction in 22H2 when copying larger files from a remote computer down to a Windows 11 computer or when copying files on a local drive."