News


Microsoft Security Advisory Warns About 'SeriousSAM' Vulnerability in Windows Clients

An elevation-of-privilege vulnerability (CVE-2021-36934) is present in Windows 10 client operating systems, per a Tuesday Microsoft security advisory .

Microsoft's July Patch Rollout Bigger than Last Two Months Combined

Microsoft's latest monthly patch tally is back in the three digits.

Microsoft Opens Azure Learning Site for IT Pros

Microsoft this week launched Inside Azure for IT, which contains links to "fireside chats" on various Azure topics, aiming "to solve your real-world IT challenges."

Four Dozen Vulnerabilities Patched in Microsoft's June Security Bundle

Security researchers counted 49 common vulnerabilities and exposures (CVEs) in Microsoft's June security patch release, with five being "Critical" and the rest "Important."

Microsoft Describes Nobelium Attacks Targeting USAID

The Nobelium espionage group targeted about 3,000 e-mail accounts, commencing May 25, a Thursday Microsoft announcement indicated.

Microsoft Patches 55 Vulnerabilities in May Update

Four CVEs this month were described as "Critical" in severity, 50 were deemed "Important" and one was "Moderate."

Microsoft Ousting Flash from Windows in July

A Microsoft patch to be released this July will remove the Adobe Flash Player from most Windows systems, Microsoft announced this week.

VPN Vulnerability Found in Ivanti's Pulse Connect Secure

Ivanti recently issued a warning about a new security vulnerability in its Pulse Connect Secure VPN appliances that enables "an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway."

Linux Apps Graphics Support Coming to Windows 10

A new Windows 10 preview build notably adds support for running graphical user interface (GUI)-based Linux applications.

Microsoft's April Patch Rollout the Biggest of 2021 So Far

The April rollout comprised security updates for 114 common vulnerabilities and exposures (CVEs), including "Critical" Exchange Server patches that Microsoft implored organizations to apply "as soon as possible."

PowerShell Secret Management Modules Generally Released

Microsoft has released two PowerShell modules that make it easier to invoke scripted processes requiring passcodes (or "secrets") to work.

Microsoft's March Security Patch Tally Hits 89

Microsoft's March security update release delivered patches for 89 common vulnerabilities and exposures (CVEs), up 60 percent from last month.

Exchange Server Zero-Days Get Out-of-Band Security Patches

Microsoft has issued out-of-band security patches to address zero-day flaws affecting Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.

MTA To Join List of Other Dead Microsoft Certs Next Year

The Microsoft Technology Associate (MTA) certification will end June 2022, joining other dead programs like the Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Developer (MCSD) and Microsoft Certified Solutions Expert (MCSE).

Microsoft Fixes 56 Security Flaws in February Patch Release

Microsoft's February security patch bundle rolled out on Tuesday to address 56 security vulnerabilities.

Microsoft's January Patch Rollout Tackles 10 'Critical' Flaws

Microsoft's January security patch release addresses 83 common vulnerabilities and exposures (CVEs), 10 of which were described as "Critical" by security researchers and 73 as "Important."

Linux Server Monitoring Comes to Microsoft Defender for Endpoint

Microsoft this week announced the release of a new endpoint detection and response (EDR) capability specifically for Linux servers in the Microsoft Defender for Endpoint product.

NSA Gives Advice on Reducing TLS Security Risk

Organizations that want to detect and block the old and insecure Transport Layer Security (TLS) protocol can draw on some new advice from the U.S. National Security Agency.

Microsoft Releases Office 365 Attack Simulation Training Capability

Certain subscribers to the Microsoft Defender for Office 365 service can now access a new "attack simulation training" feature, Microsoft announced this week.

Microsoft Advises IT on Tracking Down 'Solorigate'-Style Attacks

In the wake of the SolarWinds Orion-based software attack discovered last month, Microsoft has shared several resources for IT pros to help them discover similar breaches.