Security News

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses.

Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting today.Windows Autopatch was first announced in April when Microsoft said it would be available for free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater starting July 2022.

Microsoft is investigating an issue causing Outlook search not to display recent emails in desktop apps running on Windows 11 systems. "When searching in Outlook Desktop on Windows 11 you might not see the most recent emails in the search results," Microsoft explains.

Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. The infections involve a worm that propagates over removable USB devices containing malicious a.LNK file and leverages compromised QNAP network-attached storage devices for command-and-control.

Microsoft has released an update for the Windows Subsystem for Android, allowing all Windows 11 Insiders to use their VPN's IP address with Android apps. In May, Microsoft introduced a new 'Advanced Networking' feature to Windows 11 builds on the Dev channel, which made the Windows Subsystem for Android virtual machine and host share the same IP address.

A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The Linux encryptor is created to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.

Microsoft has confirmed it fixed a previously disclosed 'ShadowCoerce' vulnerability as part of the June 2022 updates that enabled attackers to target Windows servers in NTLM relay attacks. This NTLM relay attack method can be used by threat actors to force unpatched servers to authenticate against servers under the attacker's control, leading to a takeover of the Windows domain.

Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command and control servers servers in early November [PDF], while Microsoft said it found malicious artifacts linked to this worm created in 2019.

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory certificate authentication issues caused by Microsoft's May 2022 updates. The flaw is an actively exploited Windows LSA spoofing vulnerability tracked as CVE-2022-26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support date next year, on October 10, 2023. Released in October 2012, Windows Server 2012 has entered its tenth year of service and has already reached the mainstream end date over three years ago, on October 9, 2018.