Tag: microsoft
-
Microsoft to Block Exchange Online Access from Outdated Devices
Microsoft has announced a significant update to its device connectivity policies for Exchange Online, aimed at enhancing security and ensuring users are on modern protocols. Starting March 1, 2026, mobile devices running Exchange ActiveSync (EAS) versions older than 16.1 will no longer be able to connect to Exchange Online mailboxes. Exchange ActiveSync version 16.1 was originally…
-
Microsoft asks admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
Microsoft security updates breaks MSMQ on older Win systems
Folder permission changes cause queue failures and misleading error messages, no real fix yet First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/microsoft_admits_that_message_queuing/
-
Microsoft asks IT admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
Microsoft asks IT admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
Microsoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows Hacks
The weak RC4 for administrative authentication has been a hacker holy grail for decades. First seen on wired.com Jump to article: www.wired.com/story/microsoft-will-finally-kill-an-encryption-cipher-that-enabled-a-decade-of-windows-hacks/
-
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT
Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windowsIntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
-
Microsoft to Kill RC4 in Kerberos by 2026
Kerberos Overhaul Will Disable RC4 by Default in Windows. Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy authentication systems – particularly within large domains where fallback to RC4 has quietly persisted for decades. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/microsoft-to-kill-rc4-in-kerberos-by-2026-a-30304
-
Azure CLI Trust Abused in ConsentFix Account Takeovers
ConsentFix abuses trusted Azure CLI OAuth flows to hijack Microsoft accounts without passwords or MFA. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/azure-cli-trust-abused-in-consentfix-account-takeovers/
-
Microsoft Outlines Mitigation for React2Shell RCE Vulnerability in React Server Components
Tags: authentication, cve, cvss, cyber, malicious, microsoft, mitigation, rce, remote-code-execution, risk, vulnerabilityMicrosoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerability enables attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request, representing an unprecedented risk to modern React-based web…
-
LG Copilot-Zwangsinstallation: Update kapert Smart-TVs mit Microsoft-KI
Zwangsinstallation von Microsoft Copilot auf LG-Fernsehern: Ein Update bringt unlöschbare KI auf Smart-TVs und entfacht Kritik. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/entertainment/lg-copilot-zwangsinstallation-update-kapert-smart-tvs-mit-microsoft-ki-324273.html
-
LG Copilot-Zwangsinstallation: Update kapert Smart-TVs mit Microsoft-KI
Zwangsinstallation von Microsoft Copilot auf LG-Fernsehern: Ein Update bringt unlöschbare KI auf Smart-TVs und entfacht Kritik. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/entertainment/lg-copilot-zwangsinstallation-update-kapert-smart-tvs-mit-microsoft-ki-324273.html
-
Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs
A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the age of generative AI. Researchers using the Wings agentic”‘AI risk engine uncovered that Urban VPN…
-
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc
The weak RC4 for administrative authentication has been a hacker holy grail for decades. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/12/microsoft-will-finally-kill-obsolete-cipher-that-has-wreaked-decades-of-havoc/
-
Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS
Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already impacted organizations relying on MSMQ for inter-application communication, particularly in Internet Information Services (IIS) deployments.…
-
Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS
Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already impacted organizations relying on MSMQ for inter-application communication, particularly in Internet Information Services (IIS) deployments.…
-
xHunt APT Exploits Microsoft Exchange and IIS to Deploy Custom Backdoors
xHunt, a sophisticated cyber-espionage group with a laser focus on organizations in Kuwait, has continued to demonstrate advanced capabilities in infiltrating critical infrastructure. The group’s persistent, multi-year campaigns targeting the shipping, transportation, and government sectors underscore the evolving threat landscape facing Middle Eastern enterprises. Since its first documented operations in July 2018, xHunt has refined…
-
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity.The extension in question is Urban VPN Proxy, which has a 4.7 rating…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerabilityYour employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerabilityYour employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
Recent Windows updates break VPN access for WSL users
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-wsl-networking-issues/
-
Recent Windows updates break VPN access for WSL users
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-wsl-networking-issues/
-
Microsoft stellt neue Sicherheitsstrategie vor
Tags: ai, bug-bounty, cloud, cyberattack, governance, hacking, microsoft, open-source, phishing, RedTeam, risk, saas, service, strategy, tool, vulnerabilityMicrosoft hat angekündigt, dass sein Bug-Bounty-Programm ausgeweitet werden soll.Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen sie finden dort statt, wo die Schwachstellen sind. Zudem werden die Attacken mit Hilfe von KI-Tools immer ausgefeilter. Vor diesem Hintergrund hat Microsoft seinen neuen Security-Ansatz ‘In Scope by Default” auf der Black Hat Europe angekündigt.Demnach…
-
Support-Ende von Windows 10 – Verbraucherschützer wollen klare Regeln für Support-Zeiträume
Microsofts Kommunikation rund um das Windows-10-Support-Ende war teils konfus. Verbraucherschützer fordern nun verbindliche Regeln. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/support-ende-von-windows-10-verbraucherschuetzer-wollen-klare-regeln-fuer-support-zeitraeume.95455
-
Microsoft stellt neue Sicherheitsstrategie vor
Tags: ai, bug-bounty, cloud, cyberattack, governance, hacking, microsoft, open-source, phishing, RedTeam, risk, saas, service, strategy, tool, vulnerabilityMicrosoft hat angekündigt, dass sein Bug-Bounty-Programm ausgeweitet werden soll.Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen sie finden dort statt, wo die Schwachstellen sind. Zudem werden die Attacken mit Hilfe von KI-Tools immer ausgefeilter. Vor diesem Hintergrund hat Microsoft seinen neuen Security-Ansatz ‘In Scope by Default” auf der Black Hat Europe angekündigt.Demnach…
-
Support-Ende von Windows 10 – Verbraucherschützer wollen klare Regeln für Support-Zeiträume
Microsofts Kommunikation rund um das Windows-10-Support-Ende war teils konfus. Verbraucherschützer fordern nun verbindliche Regeln. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/support-ende-von-windows-10-verbraucherschuetzer-wollen-klare-regeln-fuer-support-zeitraeume.95455
-
Kein Patch von Microsoft: Zero-Day-Lücke betrifft gängige Windows-Versionen
Forscher warnen vor einer Zero-Day-Lücke unter Windows. Richtig gefährlich wird diese in Kombination mit einer bereits bekannten Lücke. First seen on golem.de Jump to article: www.golem.de/news/kein-patch-von-microsoft-zero-day-luecke-gefaehrdet-alle-gaengigen-windows-versionen-2512-203266.html
-
Kein Patch von Microsoft: Zero-Day-Lücke gefährdet alle gängigen Windows-Versionen
Forscher warnen vor einer Zero-Day-Lücke unter Windows. Richtig gefährlich wird diese in Kombination mit einer bereits bekannten Lücke. First seen on golem.de Jump to article: www.golem.de/news/kein-patch-von-microsoft-zero-day-luecke-gefaehrdet-alle-gaengigen-windows-versionen-2512-203266.html