February 23, 2024 at 07:21AM Microsoft has unveiled PyRIT, an open-access automation framework, to proactively identify risks in generative AI systems. The tool aims to assess robustness, security, and privacy harms, offering various interfaces and scoring options. Though it complements manual red teaming, it highlights risk areas and prompts further investigation. This development coincides with … Read more
February 22, 2024 at 04:44PM Microsoft is testing Wi-Fi 7 support in Windows 11 to provide multi-gigabit speeds and improved throughput, latency, and reliability. Wi-Fi 7 offers advancements including 320 MHz superwide channels, Multi-Link Operation (MLO) support, and a new 4K QAM modulation technique, delivering faster speeds than Wi-Fi 6. The support is being tested … Read more
February 15, 2024 at 04:34PM Microsoft identified a critical vulnerability in Exchange Server disclosed in February as a zero-day threat already being exploited. The flaw (CVE-2024-21410) permits attackers to disclose and relay Windows NT Lan Manager hashes, impersonating legitimate users. Microsoft revised its advisory, flagging the exploit as a zero-day. A cumulative update (CU14) protects … Read more
February 15, 2024 at 06:45AM A critical vulnerability in Exchange Server (CVE-2024-21410) is actively exploited, enabling privilege escalation and NTLM hash relay attacks. Microsoft issued a warning and released Exchange Server 2019 CU14 to address the flaw. Furthermore, Check Point disclosed another critical-severity Outlook vulnerability (CVE-2024-21413) allowing remote code execution through crafted hyperlinks. Both companies … Read more
February 15, 2024 at 12:21AM Microsoft has confirmed active exploitation of a critical security flaw in Exchange Server, allowing attackers to gain privileges and execute operations. It has released patches to address this and other vulnerabilities in its Patch Tuesday updates. Threat actors, including APT28, have a history of exploiting such flaws for NTLM relay … Read more
February 14, 2024 at 03:12PM Microsoft updated a security advisory warning about a critical Outlook bug, tracked as CVE-2024-21413, leading to remote code execution if exploited. The vulnerability allows bypassing Protected View, affecting multiple Office products including Microsoft Outlook 2016 and Office 2019. Check Point researchers discovered the vulnerability called Moniker Link, recommending applying the … Read more
February 14, 2024 at 12:41PM After installing Exchange Server 2019 CU14 or later, Extended Protection (EP) will be automatically enabled to strengthen Windows Server authentication and mitigate security risks. Admins should review Microsoft’s documentation and PowerShell script before toggling EP, and address any issues after enabling it. Microsoft encourages keeping servers updated to deploy emergency … Read more
February 13, 2024 at 03:28PM The provided text contains a list of CVE IDs and their associated vulnerabilities across various Microsoft products. The list spans different severity levels, such as Important, Moderate, and Critical. It outlines vulnerabilities related to .NET, Azure Active Directory, Azure DevOps, Azure File Sync, Microsoft Edge, Microsoft Office, Skype for Business, … Read more
February 13, 2024 at 02:08PM The document details a list of vulnerabilities, including CVE IDs, titles, and severity ratings for various Microsoft products and services, such as .NET, Azure Active Directory, Azure DevOps, Microsoft Edge, and others. It also covers Windows-related vulnerabilities in areas like Hyper-V, Internet Connection Sharing, Kernel, LDAP, and Message Queuing. Based … Read more
February 12, 2024 at 01:27AM Microsoft is introducing Sudo for Windows 11, allowing users to run elevated commands from an unelevated console session, providing an ergonomic solution to elevate commands without opening a new console. This feature is available in Windows 11 builds 26045 and later, and comes with three options. The project is also … Read more