security best practices

In an ever-evolving security landscape, even the stalwarts we trust—like Microsoft Office—are not immune to critical vulnerabilities. Recently disclosed as CVE-2025-26629, a use-after-free flaw in Microsoft Office has raised fresh concerns about how attackers might exploit memory management...

Windows Subsystem for Linux (WSL2) has long been celebrated for bridging the gap between two traditionally separate worlds: Windows and Linux. Yet, even this robust integration is not immune to security challenges. A new kernel vulnerability—CVE-2025-24084—has emerged, where an untrusted pointer...

Cybersecurity experts have recently uncovered a stealthy botnet campaign that is targeting Microsoft 365 environments still using legacy authentication protocols. This article delves into the specifics of the attack, explains its broader implications, and offers actionable recommendations for...

In the ever-evolving landscape of cybersecurity, the traditional "trust but verify" approach has given way to the zero trust model—an uncompromising methodology that never assumes any entity, user, or device is inherently safe. In a recent SC Media interview, special projects engineer Adam...

In an era where every device on your network is a potential entry point for attackers, the latest revelations surrounding Xerox VersaLink printer vulnerabilities serve as a stark reminder of the hidden risks. These vulnerabilities not only jeopardize the printers themselves but also pave the way...

On October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made waves in the cybersecurity community by adding a new entry to its Known Exploited Vulnerabilities Catalog. This catalog is no small potatoes—it is a crucial repository that outlines vulnerabilities actively...

Windows resiliency is becoming an increasingly critical topic for organizations of all sizes, particularly in light of recent significant events that have impacted IT systems globally. The culmination of these incidents, like the CrowdStrike incident, highlights the need for robust resiliency...

Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...

Original release date: January 6, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions...

Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share...

Date: Tuesday, December 18, 2018Time: 02:00 PM Eastern Standard TimeDuration: 1 hour Most people think firewalls when it comes to network security and defending against cyber-threats. But with today’s increasingly sophisticated cyber-security threats Continue reading...

Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...

Original release date: September 06, 2016 | Last revised: September 28, 2016 Systems Affected Network Infrastructure Devices Overview The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat...

Graham Calladine, Security Architect with Microsoft Services partners with the Security Talk Series to describe the use of claims-based authentication to allow Active Directory and other on-premises identity providers to be used by Azure applications. Related resources: Whitepaper: Security...