Patch Now: Microsoft Releases Updates for Over 75 Flaws

Microsoft Releases Patches for 9 Critical Flaws & 3 Zero-Day Vulnerabilities On Tuesday, Microsoft released its security updates for February 2023, including patches for over 75 flaws. Among the 75 vulnerabilities, nine were rated “critical” and 66 “important” in terms of severity of threat to the organization. Three of them have been identified as zero-day […]

Four Different Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks

Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Cyberattacks According to a blog post Tuesday by Orca Security, four Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF). The security issues were discovered by Orca between October 8, 2022 and December 2, 2022. The vulnerable services include: Azure API Management, Azure Functions, Azure […]

Microsoft Launches Brute Force Attack Protection For All Windows Versions

Microsoft Releases Policy to Further Prevent Brute Force Attack Attempts Earlier this week, Microsoft announced additional protection against brute force attacks, one of the most common methods used to attack Windows machines. IT admins can now configure a group policy to automatically block brute force attacks targeting local administrator accounts on any Windows system still […]

Azure AD Connect: New Update

New Azure AD Connect Version 2.0.91.0 Released This week, Microsoft released an updated version of Azure AD Connect. This new version provides compliance of the Azure AD Connect Health component with the Federal Information Processing Standards (FIPS) requirements. Keep track and understand all the versions that have been released — view Azure AD Connect version […]

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft Releases Over 100 Updates in Patch Tuesday for January 2022 The January security updates from the Redmond-based software giant cover security defects in a wide range of default Windows OS components, including a critical flaw in the HTTP Protocol Stack (http.sys) that Microsoft describes as “wormable,” and another code execution Exchange Server bug reported […]

New Microsoft Vulnerability, MSHTML RCE, Under Active Attack

Microsoft Alerts of New Zero-Day Flaw in Windows Microsoft released a security alert yesterday announcing a newly discovered flaw for a remote code execution (RCE) in MSHTML that is currently being exploited. MSHTML, also known as Trident, is a component used as a browser rendering engine for Microsoft Office documents. Attackers are using this zero-day […]

New Pricing for Microsoft 365

New Commercial List Pricing for Office 365 Microsoft announced changes to their commercial pricing for Microsoft 365—the first substantive pricing update since the launch of Office 365 a decade ago. Microsoft says that this updated pricing reflects the increased value they have delivered to their customers over the past 10 years. On March 1, 2022, […]

New Find: Windows 365 Exposes Microsoft Azure Credentials In Plaintext

Windows 365 credentials can be dumped in plaintext On August 2nd, 2021, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser.  One of the lucky few who could get a free trial was Benjamin Delpy, creator of Mimikatz which is […]

3rd Windows Print Spooler Critical Vulnerability Detected

Windows PrintNightmare Vulnerabilities & Exploits Continue At the end of June and earlier this month, Microsoft released a security update regarding a Windows Print Spooler critical vulnerability, now being called PrintNightmare. Their original guidance, CVE-2021-1675, was quickly met with backlash as patches released by Microsoft were reported to not fix the issue completely. According to […]

Microsoft Discovers New SolarWinds Flaw Under Attack

Microsoft Uncovers Remote Code Execution (RCE) Vulnerability & Zero-Day Exploit of SolarWinds Serv-U Product Microsoft recently alerted software company, SolarWinds, of a new vulnerability uncovered, providing proof of concept to the company last week. It was found in SolarWinds Serv-U product, in two IT management utilities used to manage remote file servers, Serv-U Managed File […]