In the ever-evolving cat-and-mouse game between cyber attackers and security professionals, even stalwarts like Windows Defender Application Control (WDAC) are not immune to inventive bypass techniques. Recent demonstrations by elite red team operators have shown that even the trusted...
In the ever-evolving world of cybersecurity, a newly documented attack targeting Microsoft 365 users is challenging some of the built‐in email security safeguards many organizations rely on. With attackers increasingly honing their strategies, this campaign leverages legitimate Microsoft...
The recent joint cybersecurity advisory on Medusa ransomware shines a harsh light on an evolving threat that continues to keep network defenders on their toes. This advisory—released under the #StopRansomware banner by the FBI, CISA, and the MS-ISAC—provides a detailed breakdown of the tactics...
StopRansomware: Unpacking the Ghost (Cring) Ransomware Threat
Published: February 19, 2025
Source: CISA, FBI, and MS-ISAC
In a bid to empower network defenders worldwide, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center...
Recently, the Microsoft Security Response Center (MSRC) has flagged an important security vulnerability identified as CVE-2024-49128 affecting Windows Remote Desktop Services. With the increasing reliance on remote work and desktop services, this vulnerability presents a significant risk, and...
In a world increasingly reliant on digital infrastructure, vulnerabilities in software can lead to significant risks, especially when they concern critical manufacturing sectors. Recently, cybersecurity experts identified vulnerabilities in Rockwell Automation's DataMosaix Private Cloud that...
Date: Thursday, June 27, 2019
Time: 02:00 PM Eastern Daylight Time
Duration: 1 hour
The threat of a cyberattack is so imminent, organizations can no longer simply put up defenses and hope either they aren’t attacked, or defenses will hold should one
Original release date: March 27, 2018
Systems Affected
Networked systems
Overview
According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and...
Severity Rating: Important
Revision Note: V1.1 (October 11, 2016): Bulletin revised to correct a CVE ID. CVE-2016-7191 has been changed to CVE-2016-7211. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary...
cve
cybersecurity
drivers
important
malware
microsoft windows
ms16-123
october 2016
patch management
privilege escalation
revision note
security update
software
system security
system update
technology
threatmitigation
update
vulnerabilities
windows kernel
Severity Rating: Important
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in...
bulletin
cybersecurity
email security
exchange server
information disclosure
information technology
it security
june 2016
microsoft
ms16-079
networking
owa
patch
security
server management
threatmitigation
update
version 1.0
vulnerabilities
Severity Rating: Important
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the...
access control
active directory
authentication
bulletins
denial of service
it security
machine accounts
microsoft
ms15-096
network security
patch management
privileged access
security update
september 2015
system admin
threatmitigation
vulnerability
windows server
windows update
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released.
More information about this month’s security updates and Link Removed can be found in the Security TechNet...
august 2015
best practices
cybersecurity
important updates
incident response
malware
msrc
patch management
protection
security
software updates
system security
technet
threatmitigation
update
user safety
vulnerability
windows update
Original release date: April 30, 2015
Systems Affected
Networked systems
Overview
Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject...
Lex Thomas welcomes Mark Simos, an Architect for the Cyber, Security and Identity team here at Microsoft, to discuss tools, techniques and services that are available to help mitigate “Pass-the-Hash” and other forms of cyber credential theft. Tune in as they give us an in-depth overview of the...
active directory
cloud solutions
credential theft
cyber security
identity management
it architecture
microsoft
network security
pass-the-hash
podcast
privileged access
security features
security overview
security tools
system center
teched
threatmitigation
virtualization
windows 10
windows server
Severity Rating: Important
Revision Note: V1.1 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2655992 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
Severity Rating: Critical
Revision Note: V2.2 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2536276 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the-middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2.
Customers concerned with this...
Resolves vulnerabilities in Windows Task Scheduler that could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on...
In November 2010, Microsoft released the first Security Bulletin against an Office 2010 component, in this case Microsoft Word. Approximately 6 months had elapsed since Office 2010 launched in May and while it's good for such a widely used product to be available...