New attacks use Windows security bypass zero-day to drop malware
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...]
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...]
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware
Although the group relies on good old phishing to deliver Royal ransomware, researchers say DEV-0569 regularly uses new and creative discovery techniques to lure victims.
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell. [...]
The attack bypassed both SPF and DMARC email authentication checks
As well as malvertising and phishing links, the new threat actor is now also using contact forms to deliver its payloads, found Microsoft
Microsoft has released out-of-band (OOB) updates to fix a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers after installing cumulative updates released during November's Patch Tuesday. [...]
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. [...]
The socially engineered campaign used a legitimate domain to send phishing emails to large swaths of university targets.
Microsoft has urged developers still using the long-term support (LTS) release of .NET Core 3.1 to migrate to the latest .NET Core versions until it reaches the end of support (EOS) next month. [...]
Microsoft has resolved a known issue triggering errors and temporarily causing the taskbar and desktop to disappear on Windows 10 systems. [...]
Okta, a leading provider of authentication services, has shared a workaround for ongoing issues preventing customers to log into their accounts using Microsoft Office 365 Single Sign-On. [...]
Microsoft has released this month's optional KB5020030 Preview cumulative update for all editions of Windows 10 20H2, 21H1, 21H2, and 22H2. [...]
Microsoft has resolved a known issue causing connectivity problems for Windows customers using the DirectAccess service to access their organizations remotely without using a virtual private network (VPN). [...]
Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems after installing cumulative updates released during this month's Patch Tuesday. [...]