The need to manage patching on home machines that have no Group Policy, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) control means that you may be looking for alternatives. Employees’ personal machines might run Windows 10 Home version, which has limited ability to control updates. With corporate-owned machines you have more…

Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. The vulnerabilities Both flaws – CVE-2020-1425 and CVE-2020-1457 – arose because of the way the Microsoft Windows Codecs Library handled objects in memory. CVE-2020-1425 could allow attackers to obtain information to further compromise the…

Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform. Microsoft Defender Advanced Threat Protection is designed to help enterprises prevent, detect, investigate, and respond to advanced cyber threats on company endpoints from one central point. Microsoft Defender ATP for Linux Microsoft Defender ATP initially offered protection…

CyberX, the IoT/OT security company, announced that it is being acquired by Microsoft. As enterprises implement digital transformation and Industry 4.0 for greater efficiency and productivity, boards and management teams are increasingly concerned about the financial and liability risk resulting from the deployment of massive numbers of connected IoT and OT devices. Adversaries targeting this…

Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to COVID-19. Attackers are also setting up COVID-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct COVID-19-related campaigns associated with 11 threat…

Sending the malicious link or image was simple, but preparing the attack involved multiple steps that would be difficult to achieve for unsophisticated attackers. “We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we…

Nupur Goyal, senior product marketing manager at Microsoft, told SecurityWeek that the tool is free and available to anyone. “Our assessment tool will help orgs assess readiness across identities, devices, apps, infrastructure, network and data, and then provide go-dos and deployment guidance to help them reach key milestones,” Goyal said. Due to the COVID-19 coronavirus…

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released. More about the new Windows zero-days According…