Tag: microsoft
-
Patchday: Microsoft Office Updates (9. Dezember 2025)
Am 9. Dezember (zweiter Dienstag im Monat, Microsoft Patchday) hat Microsoft mehrere sicherheitsrelevante Updates für Microsoft Office veröffentlicht. Diesen Monat wurden gravierende Schwachstellen in Office geschlossen. Nachfolgend finden Sie eine Übersicht über die verfügbaren Updates. Eine Übersicht über die Updates … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/11/patchday-microsoft-office-updates-9-dezember-2025/
-
Microsoft Teams to warn of suspicious traffic with external domains
Tags: microsoftMicrosoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-to-warn-of-suspicious-traffic-with-external-domains/
-
Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat
Tags: attack, cloud, credentials, cyber, exploit, microsoft, programming, software, supply-chain, threatMicrosoft has published comprehensive guidance addressing the Shai-Hulud 2.0 supply chain attack, one of the most significant cloud-native ecosystem compromises observed in recent months. The campaign represents a sophisticated threat that exploits the trust inherent in modern software development workflows by targeting developer environments, CI/CD pipelines, and cloud-connected workloads to harvest sensitive credentials and configuration…
-
Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data
Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates. This information disclosure vulnerability poses a risk to organizations that rely on standard…
-
Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data
Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates. This information disclosure vulnerability poses a risk to organizations that rely on standard…
-
Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely
Microsoft has disclosed a critical remote code execution vulnerability in Outlook that could allow attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-62562, was officially released on December 9, 2025, and poses a significant security risk to enterprise and personal users worldwide. The flaw stems from a use-after-free weakness in Outlook’s…
-
Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely
Microsoft has disclosed a critical remote code execution vulnerability in Outlook that could allow attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-62562, was officially released on December 9, 2025, and poses a significant security risk to enterprise and personal users worldwide. The flaw stems from a use-after-free weakness in Outlook’s…
-
Exchange Server Sicherheitsupdates Dezember 2025
Microsoft hat zum 9. Dezember 2025 das “Dezember 2025” Sicherheitsupdate für Exchange Server freigegeben. Das Sicherheitsupdate gilt Exchange Server 2016, Exchange Server 2019, und erstmals für Exchange Server Subscription Edition (SE). Exchange Online-Kunden sind bereits geschützt, die tangiert das Update … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/exchange-server-sicherheitsupdates-dezember-2025/
-
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-6218 is a WinRAR directory traversal flaw (formerly…
-
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are…
-
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the…
-
Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025
December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-three-zerodays-patch/
-
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the…
-
Fehleinschätzungen in der Microsoft-365-Sicherheit – Konfigurationslücken und Privilegienexplosion in Microsoft 365
Tags: microsoftFirst seen on security-insider.de Jump to article: www.security-insider.de/microsoft-365-security-konfigurationsluecken-core-view-report-a-865b579d83921f7712bdc95a8cb6ab8f/
-
Microsoft Patchday Dezember 2025 – Codeausführung, Privilegieneskalation und aktive Angriffe
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-dezember-2025-patches-updates-a-4390ecd5666a94d3e64d399464e5e5e6/
-
Tools, um MCP-Server abzusichern
Tags: ai, api, authentication, cloud, compliance, data-breach, detection, framework, identity, incident response, injection, least-privilege, microsoft, monitoring, network, open-source, risk, saas, service, startup, threat, tool, vmware, zero-trustUnabhängig davon, welche MCP-Server Unternehmen wofür einsetzen “Unsicherheiten” sollten dabei außenvorbleiben.Model Context Protocol (MCP) verbindet KI-Agenten mit Datenquellen und erfreut sich im Unternehmensumfeld wachsender Beliebtheit. Allerdings ist auch MCP nicht frei von Sicherheitslücken, wie entsprechende Entdeckungen, etwa beim SaaS-Anbieter Asana oder dem IT-Riesen Atlassian gezeigt haben. Inzwischen hat sich jedoch einiges in Sachen MCP-Sicherheit getan.…
-
Tools, um MCP-Server abzusichern
Tags: ai, api, authentication, cloud, compliance, data-breach, detection, framework, identity, incident response, injection, least-privilege, microsoft, monitoring, network, open-source, risk, saas, service, startup, threat, tool, vmware, zero-trustUnabhängig davon, welche MCP-Server Unternehmen wofür einsetzen “Unsicherheiten” sollten dabei außenvorbleiben.Model Context Protocol (MCP) verbindet KI-Agenten mit Datenquellen und erfreut sich im Unternehmensumfeld wachsender Beliebtheit. Allerdings ist auch MCP nicht frei von Sicherheitslücken, wie entsprechende Entdeckungen, etwa beim SaaS-Anbieter Asana oder dem IT-Riesen Atlassian gezeigt haben. Inzwischen hat sich jedoch einiges in Sachen MCP-Sicherheit getan.…
-
Tools, um MCP-Server abzusichern
Tags: ai, api, authentication, cloud, compliance, data-breach, detection, framework, identity, incident response, injection, least-privilege, microsoft, monitoring, network, open-source, risk, saas, service, startup, threat, tool, vmware, zero-trustUnabhängig davon, welche MCP-Server Unternehmen wofür einsetzen “Unsicherheiten” sollten dabei außenvorbleiben.Model Context Protocol (MCP) verbindet KI-Agenten mit Datenquellen und erfreut sich im Unternehmensumfeld wachsender Beliebtheit. Allerdings ist auch MCP nicht frei von Sicherheitslücken, wie entsprechende Entdeckungen, etwa beim SaaS-Anbieter Asana oder dem IT-Riesen Atlassian gezeigt haben. Inzwischen hat sich jedoch einiges in Sachen MCP-Sicherheit getan.…
-
Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities Fixed and 3 Zero-days
Microsoft’s final Patch Tuesday of 2025 has been released, addressing 56 vulnerabilities across its product suite. The December update includes patches for three zero-day vulnerabilities, one of which is confirmed to be actively exploited in the wild. Among the resolved flaws, two are rated as >>Critical,>Important
-
Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities Fixed and 3 Zero-days
Microsoft’s final Patch Tuesday of 2025 has been released, addressing 56 vulnerabilities across its product suite. The December update includes patches for three zero-day vulnerabilities, one of which is confirmed to be actively exploited in the wild. Among the resolved flaws, two are rated as >>Critical,>Important
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
The Chinese advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has launched a sophisticated search engine optimization (SEO) poisoning campaign targeting Chinese-speaking employees at organizations worldwide. The campaign distributes a counterfeit Microsoft Teams installer laced with ValleyRAT malware, while employing Cyrillic characters and Russian-language elements as deliberate false flags to mislead…
-
Microsoft Copilot Outage Disrupts UK and Europe With Access Failures and Broken Features
Microsoft Copilot, the AI tool many businesses use daily, is facing significant problems today. Users in the United Kingdom and parts of Europe are reporting that they cannot access the service. Others say that even if they can log in, many features are broken or not working correctly. Microsoft has confirmed the problem. On their…
-
Microsoft Copilot Outage Disrupts UK and Europe With Access Failures and Broken Features
Microsoft Copilot, the AI tool many businesses use daily, is facing significant problems today. Users in the United Kingdom and parts of Europe are reporting that they cannot access the service. Others say that even if they can log in, many features are broken or not working correctly. Microsoft has confirmed the problem. On their…
-
Microsoft Copilot Outage Disrupts UK and Europe With Access Failures and Broken Features
Microsoft Copilot, the AI tool many businesses use daily, is facing significant problems today. Users in the United Kingdom and parts of Europe are reporting that they cannot access the service. Others say that even if they can log in, many features are broken or not working correctly. Microsoft has confirmed the problem. On their…