Search results for MICROSOFT "§ | Breaking Cybersecurity News | The Hacker News

Have you recently purchased a Windows computer? Congratulations! As your new Windows computer has inbuilt disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen. Moreover, In case you lost your encryption keys then don't worry, Microsoft has a copy of your Recovery Key. But Wait! If Microsoft already has your Disk Encryption Keys then what's the use of using disk encryption feature? Doesn't Encryption mean Only you can unlock your disk ? Microsoft Probably Holds your Encryption Keys Since the launch of Windows 8.1, Microsoft is offering disk encryption as a built-in feature for Windows laptops, Windows phones and other devices. However, there is a little-known fact, highlighted by The Intercept, that if you have logged into Windows 10 using your Microsoft account, your system had automatically uploaded a copy of your recovery key to Microsoft's servers secretly, and you can't pre...

On passed Thursday, Microsoft has released an advance advisory alert for upcoming Patch Tuesday which will address Remote Code Execution vulnerabilities in several Microsoft's products. Microsoft came across a limited targeted attacks directed at their Microsoft Word 2010 because of the vulnerability in the older versions of Microsoft Word. This Tuesday Microsoft will release Security Updates to address four major vulnerabilities, out of which two are labeled as critical and remaining two are Important to patch as the flaws are affecting various Microsoft software such as, Microsoft Office suite, Microsoft web apps, Microsoft Windows, Internet Explorer etc. VULNERABILITY THAT YOU  MUST PATCH Google Security Team has reported a critical Remote code execution vulnerability in Microsoft Word 2010 ( CVE-2014-1761 ) which could be exploited by an attacker to execute the malicious code remotely via a specially crafted RTF file , if opened by a user with an affected ...

It's Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity. Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups. Zero-Day Vulnerability Being Exploited by Cyber Criminals The zero-day vulnerability, tracked as CVE-2018-8589 , which is being exploited in the wild by multiple advanced persistent threat groups was first spotted and reported by security researchers from Kaspersky Labs. The flaw resides in the Win32k component (win32k.sys), which if exploited successfully, could allow a malicious program to execute arbitrary code...

With the release of 12 Security Bulletins , Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, out of which two address vulnerabilities in all versions of Windows. The September Patch Tuesday update (released on second Tuesday of each month) makes a total of 105 Security Bulletins being released this year; which is more than the previous year with still three months remaining for the current year to end. The reason for the increase in the total number of security bulletins within such less time might be because of Windows 10 release and its installation reaching to a score of 100 million. Starting from MS15-094 to   MS15-105 ( 12 security bulletins ) Microsoft rates the severity of the vulnerabilities and their impact on the affected software. Bulletins MS15-094 and MS15-095 are the cumulative updates, meaning these are product-specific fixes for security related vulnerabilities that are r...

For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks. However, Microsoft has officially announced that support for Exchange Server 2016 and Exchange Server 2019 will end on October 14, 2025. While this may seem like a distant concern, businesses and IT teams must start preparing now. The end of support means that Microsoft will no longer provide security patches, bug fixes or technical support, leaving organizations running on these versions exposed to security vulnerabilities, compliance risks and potential operational disruptions. So, what should businesses do now? In this article, we'll explore the impact of Microsoft's decision, the risks...

Microsoft Copilot has been called one of the most powerful productivity tools on the planet. Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft's dream is to take the drudgery out of daily work and let humans focus on being creative problem-solvers. What makes Copilot a different beast than ChatGPT and other AI tools is that it has access to everything you've ever worked on in 365. Copilot can instantly search and compile data from across your documents, presentations, email, calendar, notes, and contacts. And therein lies the problem for information security teams. Copilot can access all the sensitive data that a user can access, which is often far too much. On average, 10% of a company's M365 data is open to all employees. Copilot can also rapidly generate  net new  sensitive data that must be protected. Prior to the AI revolution, humans' ability to create and share data ...

In an effort to crackdown on cyber crimes, Microsoft has taken a legal action against a malware network what it thought is responsible for more than 7.4 million infections of Windows PCs across the globe. Millions of legitimate servers that rely on Dynamic Domain Name Service (DDNS) from No-IP.com, owned by Vitalwerks Internet Solutions were blacked out on Monday after Microsoft seized their 23 domain names that were being used by malware developed in the Middle East and Africa. No-IP FOR MALWARE OPERATORS The Dynamic Domain Name Service (DDNS) from No-IP.com works by mapping users' dynamic IP addresses to a customized No-IP sub-domain like yourhost.no-ip.org or yourhost.no-ip.biz. This mechanism allows users to connect to a system with dynamic IP address using a static No-IP sub-domain. No doubt its a useful service, but Nevada-based No-IP Dynamic DNS (DDNS) service subdomains have been abused by creators of malware for infecting millions of computers with ma...

Microsoft yesterday accused a former manager of taking hundreds of megabytes of confidential company material when he left the firm for a new position at CRM rival Salesforce.com. In a motion filed with a Washington State Superior Court Thursday, Microsoft alleged that Matt Miszewski, formerly a market development manager in the company's government group, lied about retaining "a large trove of materials -- 600 megabytes of information comprising over 900 separate files (estimated at 25,000 pages)" of proprietary Microsoft information on his personal computer. Late last month, Microsoft sued Miszewski for violating non-compete and confidentiality agreements when he accepted a job as a senior vice president with customer-relationship management (CRM) vendor Salesforce.com. The state court then issued a temporary restraining order that blocked Miszewski from working at Salesforce.com, engaging in any competitive activities or providing services to any of his former cust...

Russian antivirus vendor Kaspersky Lab is so upset with US software giant Microsoft that the security firm has filed more antitrust complaints against the company. The antivirus firm initially filed a lawsuit late last year against Microsoft with Russian Federal Anti-monopoly Service (FAS) over alleged abuse of Microsoft's dominant position in the desktop market to push its own antivirus software with Windows 10 and unfair competition in the market. Microsoft ships Windows 10 with its own security software Windows Defender, which comes enabled it by default with the operating system. While Microsoft has made some changes in Windows Defender since the initial complaint, Kaspersky Lab is not satisfied with the changes, filing more antitrust complaints against the software giant, this time with the European Commission and the German Federal Cartel Office. Kaspersky Accuses Microsoft of Unfair Competitive Practices The antivirus firm told European antitrust regulators that Mi...

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." CVE-2025-53770 (CVSS score: 9.8), as the exploited vulnerability is tracked, concerns a case of remote code execution that arises due to the deserialization of untrusted data in on-premise versions of Microsoft SharePoint Server. The newly disclosed shortcoming is a spoofing flaw in SharePoint ( CVE-2025-53771 , CVSS score: 7.1). Viettel Cyber Security and an anonymous researcher has been credited with discovering and reporting the bug. "Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint...

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a slew of activity by the advanced persistent threat (APT) group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code. This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.  An Overview on Microsoft IIS Servers IIS was first introduced with Windows NT 3.51 as an optional package back in 1995. Since then, it has seen several iterations, improvements, and features added to align with the evolving Internet, includin...