Microsoft

Pierluigi Paganini June 14, 2020
Tech firms suspend use of ‘biased’ facial recognition technology

Amazon, IBM and now Microsoft ban the sale of facial recognition technology to police departments and are urging for federal laws to regulate its use. Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments, the tech giants are also urging for federal laws to regulate the use […]

Pierluigi Paganini June 11, 2020
SMBleed could allow a remote attacker to leak kernel memory

Microsoft addressed a Server Message Block (SMB) protocol issue, named SMBleed, that could allow an attacker to leak kernel memory remotely, without authentication. Recently released Microsoft June 2020 Patch Tuesday updates also address a vulnerability in the Server Message Block (SMB) protocol dubbed SMBleed (CVE-2020-1206) that could allow an attacker to leak kernel memory remotely, without […]

Pierluigi Paganini May 08, 2020
Microsoft investigates claims that its GitHub account has been hacked

Microsoft confirmed that it is investigating claims that its GitHub account has been hacked after some of its files were leaked online. Microsoft launched an investigation into the claims that its GitHub account has been hacked. Recently some files allegedly stolen from the Microsoft Github account have been leaked online, and they appear to be […]

Pierluigi Paganini April 23, 2020
Microsoft issued Out-of-Band advisory to address Autodesk FBX flaws

Microsoft released an out-of-band advisory to address security vulnerabilities affecting Autodesk FBX vulnerabilities in Office, Office 365, and Paint 3D.  Researchers from Autodesk discovered multiple vulnerabilities that affect the Autodesk FBX software development kit (SDK), the issues could lead to code execution and trigger denial of service conditions.  Microsoft confirmed that the issues in the Autodesk […]

Pierluigi Paganini April 04, 2020
Microsoft’s case study: Emotet took down an entire network in just 8 days

Microsoft declared that an Emotet attack took down an organization’s network by overheating all the computers and bringing its Internet access down. Microsoft shared details of the Emotet attack suffered by an organization named Fabrikam in the Microsoft’s Detection and Response Team (DART) Case Report 002, where Fabrikam is a fake name the IT giant […]

Pierluigi Paganini March 31, 2020
Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data […]

Pierluigi Paganini March 12, 2020
Microsoft fixes CVE-2020-0796, the SMBv3 wormable bug recently leaked

Microsoft released security updates to fix a recently disclosed CVE-2020-0796 vulnerability in SMBv3 protocol that could be abused by wormable malware. Microsoft has released security updates to address the CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware. On March 10, 2019, Microsoft accidentally leaked info on a security update for […]

Pierluigi Paganini March 10, 2020
Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw

Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796, is pre- remote code execution vulnerability that resides in the Server […]

Pierluigi Paganini March 05, 2020
Hundreds of Microsoft sub-domains open to hijacking

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Researchers have devised another way to carry out an attack, for example, inviting victims to download a fake update from an apparently trusted URL such as mybrowser.microsoft.com. Security researchers Numan Ozdemir and […]

Pierluigi Paganini February 13, 2020
Microsoft recommends Exchange admins to disable the SMBv1 protocol

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. “To make sure that your Exchange organization is better protected against the latest threats (for […]