Microsoft – Page 5 – PossibleThreat Articles

Microsoft plans to offer extended security updates to both business and individual Windows 10 users for the first time when the operating system reaches end-of-life in late 2025.

Microsoft encouraged Windows 10 customers to begin plans to migrate to the latest version of the operating system — Windows 11 — last April with the announcement that Windows 10 22H2 would be the final version.

Windows 10 is still the most widely used version of the OS, accounting for 64% of US desktop market share, according to StatCounter’s figures; that compared to 30% for Windows 11.

To read this article in full, please click here

ComputerWorld Independent

Critical zero-day flaws in Windows, Office mean it's time to patch

November 17, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

We are now in the third decade of Microsoft’s monthly Patch Tuesday releases, which deliver fewer critical updates to browsers and Windows platforms — and much more reliable updates to Microsoft Office — than in the early days of patching. But this month, the company rolled out 63 updates (including fixes for three zero-days in Windows and Office).

Updates to Microsoft Exchange and Visual Studio can be included in standard patch release cycles, while Adobe needs to be included in your “Patch Now” releases for third-party applications.

The team at Readiness has provided a detailed infographic that outlines the risks associated with each of the updates for November.

To read this article in full, please click here

Security Sophos

A November rain of patches from Microsoft

November 16, 2023 0 Comments Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Thu, 16 Nov 2023 18:08:02 +0000

A collection of 57 CVEs for twelve product families is literally only half of the story this month

ComputerWorld Independent

‘Data poisoning’ anti-AI theft tools emerge — but are they ethical?

October 30, 2023 0 Comments Artificial intelligence, Emerging Technology, generative ai, Intel, legal, Microsoft, natural language processing, regulation, Security

Technologists are helping artists fight back against what they see as intellectual property (IP) theft by generative artificial intelligence (genAI) tools whose training algorithms automatically scrape the internet and other places for content.

The fight over what constitutes fair use of content found online is at the heart of what has been an ongoing court battle. The fight goes beyond artwork to whether genAi companies like Microsoft and its partner, OpenAI, can incorporate software code and other published content into their models.

To read this article in full, please click here

Security Sophos

Patch Tuesday harvests a bumper crop in October

October 11, 2023 0 Comments curl, cve-2023-38545, cve-2023-44487, featured, libcurl, Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Wed, 11 Oct 2023 18:06:24 +0000

Two significant vulnerabilities – both extending far beyond Microsoft – make this a crucial month for admins to stay on their game

Independent Krebs Security

Patch Tuesday, October 2023 Edition

October 10, 2023 0 Comments adam barnett, amazon, Apple, CloudFlare, cve-2023-35349, cve-2023-36563, cve-2023-36778, cve-2023-41763, cve-2023-44487, damian menscher, Google, immersive labs, ios 17.0.3, ipados 17.0.3, libvpx, Microsoft, natalie silva, patch tuesday october 2023, rapid reset attack, rapid7, security tools, skype for business, Time to Patch, Windows, wordpad

Credit to Author: BrianKrebs| Date: Tue, 10 Oct 2023 22:51:31 +0000

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

MalwareBytes Security

Microsoft AI researchers accidentally exposed terabytes of sensitive data

September 19, 2023 0 Comments blob, Business, Microsoft, news, sas, secrets, wiz

Categories: Business

Categories: News

Tags: blob

Tags: SAS

Tags: Microsoft

Tags: Wiz

Tags: secrets

Microsoft AI researchers posted a long-living, overly permissive, SAS token on GitHub, exposing 38 TB of data.

MalwareBytes Security

ThemeBleed exploit is another reason to patch Windows quickly

September 18, 2023 0 Comments cve-2023-38146, Exploits and vulnerabilities, Microsoft, msstyles, news, theme, themepack

Categories: Exploits and vulnerabilities

Categories: News

Tags: theme

Tags: themepack

Tags: Microsoft

Tags: cve-2023-38146

Tags: msstyles

An exploit has been released for a vulnerability in .themes that was patched in the September 2023 Patch Tuesday update.

ComputerWorld Independent

Critical updates for Microsoft Office and Visual Studio drive September's Patch Tuesday

September 15, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Microsoft released 59 updates in its September Patch Tuesday release, with critical patches for Microsoft Office and Visual Studio, and continued the trend of including non-Microsoft applications in its update cycle. (Notepad++ is a notable addition, with Autodesk returning with a revised bulletin.) We’ve made “Patch Now” recommendations for Microsoft development platforms (Visual Studio) and Microsoft Word.

Unfortunately, updates for Microsoft Exchange Server have also returned, requiring server reboots this time, too.

The team at Readiness has created this infographic outlining the risks associated with each of the September updates.

To read this article in full, please click here

Independent Krebs Security

FBI Hacker Dropped Stolen Airbus Data on 9/11

September 13, 2023 0 Comments A Little Sunshine, airbus, breachforums, Data Breaches, FBI, genesis market, hudson rock, infragard, Microsoft, redline, The Coming Storm, usdod

Credit to Author: BrianKrebs| Date: Thu, 14 Sep 2023 00:22:05 +0000

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI’s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.