Microsoft Archives - Page 13 of 17 - Cyber Security Minute

Latest Microsoft Windows security update options explained

Issued by: CSO

The need to manage patching on home machines that have no Group Policy, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) control means that you may be looking for alternatives. Employees’ personal machines might run Windows 10 Home version, which has limited ability to control updates. With corporate-owned machines you have more…

Software Security

July 2020 Patch Tuesday forecast: Will the CVE trend continue?

Issued by: Help Net Security

Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates have been down; we haven’t seen Exchange…

Vulnerabilities

Microsoft fixes two RCE flaws affecting Windows 10 machines

Issued by: Help Net Security

Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. The vulnerabilities Both flaws – CVE-2020-1425 and CVE-2020-1457 – arose because of the way the Microsoft Windows Codecs Library handled objects in memory. CVE-2020-1425 could allow attackers to obtain information to further compromise the…

Software Security

Microsoft releases Defender ATP for Android and Linux

Issued by: Help Net Security

Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform. Microsoft Defender Advanced Threat Protection is designed to help enterprises prevent, detect, investigate, and respond to advanced cyber threats on company endpoints from one central point. Microsoft Defender ATP for Linux Microsoft Defender ATP initially offered protection…

Network Security

Microsoft acquires CyberX to provide unified security governance across both IT and industrial networks

Issued by: Help Net Security

CyberX, the IoT/OT security company, announced that it is being acquired by Microsoft. As enterprises implement digital transformation and Industry 4.0 for greater efficiency and productivity, boards and management teams are increasingly concerned about the financial and liability risk resulting from the deployment of massive numbers of connected IoT and OT devices. Adversaries targeting this…

Application Security

Microsoft 365 Apps update changes: What security admins need to know

Issued by: CSO

As more organizations move to the Microsoft 365 platform, Microsoft has acknowledged that we need a more stable monthly update platform for the Office suite. Microsoft has made changes in naming and the patching cadence in response to customers’ concerns. Until May 2020, Office 365 applications were updated using click-to-run technology under three difference schedules…

Malware & Threats

4 tips for protecting users from COVID-19-targeted attacks

Issued by: CSO

Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to COVID-19. Attackers are also setting up COVID-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct COVID-19-related campaigns associated with 11 threat…

Vulnerabilities

Microsoft Teams Vulnerability Exposed Organizations to Attacks

Issued by: Security Week

Sending the malicious link or image was simple, but preparing the attack involved multiple steps that would be difficult to achieve for unsophisticated attackers. “We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we…

Network Security

Microsoft Launches Free Zero Trust Assessment Tool

Issued by: Security Week

Nupur Goyal, senior product marketing manager at Microsoft, told SecurityWeek that the tool is free and available to anyone. “Our assessment tool will help orgs assess readiness across identities, devices, apps, infrastructure, network and data, and then provide go-dos and deployment guidance to help them reach key milestones,” Goyal said. Due to the COVID-19 coronavirus…

Vulnerabilities

Windows users under attack via two new RCE zero-days

Issued by: Help Net Security

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released. More about the new Windows zero-days According…