Security News

Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that leads to search issues in Outlook for Microsoft 365. "After you install update KB5008212, recent emails may not appear in search results," Microsoft explained in a recently published Office support document.

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access."The particular danger with Owowa is that an attacker can use the module to passively steal credentials from users who are legitimately accessing web services," he explained.

A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook. To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.

Microsoft has shared a solution for Outlook users who have been experiencing search issues after upgrading to Windows 11. "This issue will happen with any account where the emails and other items are stored locally in PST or OST files such as POP and IMAP accounts," Microsoft says on its list of recent issues impacting Outlook for PC. "For Exchange and Microsoft 365 hosted accounts, this issue will affect offline search for the data in the locally stored OST files."

Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability. This cumulative update is part of Microsoft's September 2021 monthly "C" update, allowing Windows users to test the upcoming fixes before they are automatically deployed in the forthcoming October 2021 Patch Tuesday.

" Guess what? iOS 12 wasn't dead, it was just resting. Researchers rediscover an Outlook data leakage issue.

Guardicore security researcher Amit Serper has discovered a severe design bug in MIcrosoft Exchange's autodiscover - a protocol that lets users easily configure applications such as Microsoft Outlook with just email addresses and passwords. The flaw has caused the Autodiscover service to leak nearly 100,000 unique login names and passwords for Windows domains worldwide, Serper said in a technical report released this week.

Microsoft's autodiscover process can include numerous different steps, as explained in its own Autodiscover documentation, and different apps may use slightly different variants on the Microsoft's central theme. The researchers claim that over the next four months, they collected more than 1,000,000 unsolicited and unexpected autodiscover requests, of which a significant minority included authentication tokens or plaintext passwords that could, in theory, give access to the leaked accounts.

Microsoft is investigating several issues impacting Outlook customers and leading to problems related to security keys, search results, and more. "Adding a Gmail account to Outlook while using a security key for 2-step verification causes this error: This browser does not support security keys," Microsoft revealed on its list of recent issues in Outlook for PC. Redmond is also looking for a fix to address reports of search results for Outlook Suggested Searches being inaccurate, incomplete, or missing.

SAP announced its financial results for the second quarter ended June 30, 2021. "We're seeing strong adoption of our cloud portfolio as customers select SAP for their business transformation. Our strategy is working; This is the third straight quarter of strong execution, and we continue to deliver unparalleled customer value through the strength of our platform and applications," said Christian Klein, CEO. "This has been another strong quarter with accelerating growth for SAP's cloud portfolio. We saw excellent customer momentum and adoption and are raising our outlook for revenue and profit," said Luka Mucic, CFO. Business update second quarter 2021.