Security News
Microsoft will introduce improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files. To thwart phishing attacks using malicious Microsoft OneNote attachments, you can set up secure mail gateways or mail servers to automatically block OneNote documents with.
Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document - a known high-risk phishing file type. "Users will receive a notification when the files seem dangerous to improve the file protection experience in OneNote on Windows," the company said.
Microsoft's Security Intelligence team recently investigated a business email compromise attack and found that attackers move rapidly, with some steps taking mere minutes. BEC attacks are a type of cyberattack where the attacker gains access to an email account of the target organization through phishing, social engineering, or buying account credentials on the dark web.
Microsoft says the latest Windows 11 build rolling out to Insiders in the Canary channel will enable Local Security Authority protection by default. LSA protection is crucial for safeguarding against the theft of sensitive information or login credentials by blocking untrusted code injection into the LSA process and blocking process memory dumping.
Microsoft has released a new Windows 11 preview build with new features such as File Explorer access keys, a new VPN status indicator, and a new way to copy two-factor authentication codes from text messages. The new Access Keys features in File Explorer will enable users to execute any command in the context menu using keyboard strokes.
Microsoft says the Excel spreadsheet software is now blocking untrusted XLL add-ins by default in Microsoft 365 tenants worldwide. "We are introducing a default change for Excel Windows desktop apps that run XLL add-ins: XLL add-ins from untrusted locations will now be blocked by default," Microsoft said in a new Microsoft 365 message center post.
Microsoft has shared a fix for Outlook sign-in errors that iOS and Android users may encounter with mailboxes in some Exchange environments. "The error occurs in a hybrid Exchange environment, for mailboxes in on-premises Microsoft Exchange Server or Exchange Online," the company said in a support document released on Tuesday.
Microsoft says its Outlook for Mac email and calendar client is now available for free, and it will no longer require an Office license or a Microsoft 365 subscription to be used. Outlook for Mac comes with support for Microsoft 365, Outlook.com, Gmail, Yahoo Mail, iCloud, IMAP, and POP accounts, according to its Mac App Store page.
A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, was published over the weekend. Tweet-sized PoC. Security researcher Joshua Drake last year discovered the vulnerability in Microsoft Office's "Wwlib.dll" and sent Microsoft a technical advisory containing proof-of-concept code showing the issue is exploitable.
Microsoft is adding a new Canary channel to its nine-year-old Windows Insider Program to let the most fearless users test what it describes as "Hot off the presses" features. Windows builds released through the Canary Channel will have higher numbers than the ones in the Dev, Beta, and Release Preview channels, starting with 25000 series builds.