#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Microosft Office | Breaking Cybersecurity News | The Hacker News

Category — Microosft Office
Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

Jul 12, 2022
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education (A3) or Windows Front Line Worker (F3) licenses. "Microsoft will continue to release updates on the second Tuesday of every month and now Autopatch helps streamline updating operations and create new opportunities for IT pros," Lior Bela  said . Autopatch works by  applying security updates  first to devices in what's called the Test ring, which contains a minimum number of representative devices. After a validation period, the updates are pushed to the First (1% devices), Fast (9%), and Broad (90%) rings. The service was first  teased  by the tech giant in April 2022
Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation

May 31, 2022
Microsoft on Monday published guidance for a newly discovered  zero-day security flaw  in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier  CVE-2022-30190 , is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted.  "To help protect customers, we've published CVE-2022-30190 and additional guidance  here ," a Microsoft spokesperson told The Hacker News in an emailed statement. The  Follina  vulnerability, which came to light late last week, involved a real-world exploit that leveraged the shortcoming in a weaponized Word document to execute arbitrary PowerShell code by making use of the "ms-msdt:" URI scheme. The sample was uploaded to VirusTotal from Belarus. But first signs of exploitation of the flaw date back
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
New UAF Vulnerability Affecting Microsoft Office to be Patched Today

New UAF Vulnerability Affecting Microsoft Office to be Patched Today

Jun 08, 2021
Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today. Three of the four flaws — tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 — have been fixed by Microsoft as part of its Patch Tuesday update for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today. In a hypothetical attack scenario, the researchers said the vulnerability could be triggered as simply as opening a malicious Excel (.XLS) file that's served via a download link or an email. Arising out of parsing mistakes made in legacy code found in Excel 9
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Expert Insights / Articles Videos
Cybersecurity Resources