Security news aggregator

Latest coverage for Microsoft

Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.

Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.

Showing 19 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

Lazarus Group Exploits Windows AppLocker Driver Zero-Day

Microsoft Fixed Bug in February That Gave Kernel-Level Access to North Korean APTNorth Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.

Bank Info Security 2 years, 4 months ago

What EU Antitrust Probe Around Entra ID Means for Microsoft

Rivals Say Microsoft Restricts Competition Around Identity. Will Regulators Agree?Microsoft once again finds itself in the crosshairs of antitrust regulators, this time for practices around its Entra ID identity management tool. The European Commission is probing whether Microsoft prevents customers from buying security software that competes with its own, The Information said.

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. [...]

Bank Info Security 2 years, 4 months ago

EU to Analyze Partnership Between Microsoft and Mistral AI

Microsoft Announces $16.3 Million Investment in French AI FirmThe European competition regulator will examine a partnership between Microsoft and French artificial intelligence startup Mistral AI for potential anti-competitive effects. Microsoft announced Monday that it has entered a $16.3 million, multiyear partnership with the firm.

Bank Info Security 2 years, 4 months ago

Moscow Military Hackers Used Microsoft Outlook Vulnerability

APT28 Used Hacked Ubiquiti Routers for Hashed Password Relay AttacksA campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. disrupted a botnet built by a hacking unit of Russian military's Main Intelligence Directorate.