August 9, 2024 at 12:17PM Microsoft has identified a high-severity zero-day vulnerability in Office 2016 and later, for which a patch is yet to be released. Based on the meeting notes, the key takeaway is that Microsoft has announced a high-severity zero-day vulnerability impacting Office 2016 and later versions that is still awaiting a patch. … Read more
August 8, 2024 at 04:51PM Microsoft reminds admins that Exchange 2016 reaches end of extended support on October 14 next year. They advise migrating to Exchange 2019 for in-place upgrades to Exchange SE. After migration, servers should be put into maintenance mode for a week to identify issues. Admins are suggested to ensure all issues … Read more
August 6, 2024 at 11:11PM Microsoft denied Delta Air Lines’ accusations of responsibility for outages caused by CrowdStrike’s software, insulting Delta’s IT infrastructure. Delta threatened to sue Microsoft and CrowdStrike over the incident, claiming $500 million in losses. Microsoft’s legal representative said they offered daily help, which Delta ignored, and suggested that Delta has not … Read more
August 6, 2024 at 10:06PM Microsoft is investigating why other airlines recovered from tech outages faster than Delta. This comes after Delta claimed a $500 million loss due to a recent tech outage. The incident has prompted Microsoft to defend itself against the airline’s criticism. (48 words) It seems there may be some confusion. The … Read more
August 5, 2024 at 05:08PM Microsoft successfully resolved a two-hour Azure outage that disrupted multiple services in North and Latin America. Based on the meeting notes, the key takeaway is that Microsoft has successfully mitigated an Azure outage that affected multiple services for customers across North and Latin America, lasting more than two hours. Full … Read more
August 5, 2024 at 09:18AM Cybersecurity researchers have identified design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen, potentially allowing threat actors to gain access without triggering warnings. These vulnerabilities include bypassing protections with a legitimate EV certificate, reputation hijacking, seeding, tampering, and LNK stomping. This underscores the need for additional scrutiny in download … Read more
August 5, 2024 at 08:41AM CrowdStrike rejects Delta’s claims of gross negligence leading to IT outage. They reiterate their apology, offer support, and criticize Delta’s litigation threat. Delta also considers litigation against Microsoft. Majority of CrowdStrike customers recovered, but lingering issues persist. CrowdStrike faces declining share price and a lawsuit over update rollout. They assert … Read more
July 29, 2024 at 04:40PM Microsoft revised the estimate of machines crashing due to the CrowdStrike Falcon outage, stating that the previous number of 8.5 million was too low. The company aims to reduce infosec vendors’ reliance on kernel drivers and emphasized the need to balance the benefits and risks of using such drivers for … Read more
July 29, 2024 at 02:48PM Ransomware groups are exploiting a critical vulnerability (CVE-2024-37085) in VMware ESXi hypervisors to gain full administrative access on domain-joined systems. Microsoft warns that known cybercriminal groups have already exploited this flaw to deploy ransomware. The issue was not initially recognized as being exploited in the wild when VMware released patches. … Read more
July 29, 2024 at 02:39AM Microsoft acknowledges that its initial estimate of 8.5 million machines affected by CrowdStrike’s software update was likely underestimated. The incident response blog shared insights into the impact measurement process, stressing the limitations of crash reports. Microsoft outlined plans to reduce dependence on kernel drivers and enhance security in collaboration with … Read more