Microsoft Isn’t Fixing 8-year-old Zero Day Used for Spying • The Register

Microsoft is ignoring an 8-year-old Windows exploit involving .LNK shortcut files that has been used for surveillance, treating it as a low-priority issue despite its effectiveness in espionage. Trend Micro discovered the flaw, which allows attackers to hide malicious commands; it has been used mainly by state-sponsored actors from countries such as North Korea and Russia. Microsoft claims it is a user-interface issue rather than a security threat, suggesting a possible fix in a future update but no immediate action.

https://www.theregister.com/2025/03/18/microsoft_trend_flaw/

Botnet Targets Basic Auth in Microsoft 365 Password Spray Attacks

A botnet of 130,000 devices is targeting Microsoft 365 with password-spray attacks against Basic Authentication, evading multi-factor authentication. Attackers use stolen credentials against Basic Auth, which transmits credentials in plaintext and bypasses MFA. Security experts recommend disabling Basic Auth and strengthening access controls to mitigate the risk. Possible links to Chinese threat actors have been identified.

https://www.bleepingcomputer.com/news/security/botnet-targets-basic-auth-in-microsoft-365-password-spray-attacks/

Microsoft February 2025 Patch Tuesday Fixes 4 Zero-days, 55 Flaws

Microsoft's February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, including 4 zero-day flaws, two of which are actively exploited. The release covers 19 elevation-of-privilege and 22 remote-code-execution vulnerabilities. The actively exploited zero-days include one posing a file-deletion risk (CVE-2025-21391) and another granting SYSTEM privileges (CVE-2025-21418). The publicly disclosed zero-days include a UEFI bypass (CVE-2025-21194) and an NTLM hash disclosure vulnerability (CVE-2025-21377). Other companies, such as Adobe and Google, also released updates.

https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2025-patch-tuesday-fixes-4-zero-days-55-flaws/

Microsoft Advertisers Phished Via Malicious Google Ads

Malicious Google ads are targeting Microsoft advertisers in an attempt to steal login credentials for Microsoft's ad platform. Attackers use cloaking techniques to redirect users and evade security checks, ultimately landing victims on a phishing page that mimics the legitimate site. The campaign highlights the ongoing phishing threat in online advertising; users are urged to verify URLs, use two-factor authentication, monitor their accounts, and report suspicious ads.

https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads

Microsoft Tests Edge Scareware Blocker to Block Tech Support Scams

Microsoft is testing a new "scareware blocker" for the Edge browser that uses local machine learning to detect and block tech support scams. It alerts users to potential scams and lets them report pages to improve detection accuracy. The feature can be found in Edge's privacy settings and complements Defender SmartScreen, which catalogs known malicious sites.

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-edge-scareware-blocker-to-block-tech-support-scams/

Microsoft January 2025 Patch Tuesday Fixes 8 Zero-days, 159 Flaws

Microsoft's January 2025 Patch Tuesday addresses 159 vulnerabilities, including 8 zero-days, 3 of which are actively exploited. Key fixes include 12 critical vulnerabilities covering remote code execution, information disclosure, and privilege elevation. Notable vulnerabilities include flaws in Windows Hyper-V and Microsoft Access that could lead to serious security risks. The total comprises 40 elevation-of-privilege vulnerabilities, 58 remote-code-execution vulnerabilities, and others across various categories. Other vendors, including Adobe, Cisco, and Fortinet, also released updates this month.

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/

Hackers Use FastHTTP in New High-speed Microsoft 365 Password Attacks

Hackers are using the FastHTTP Go library to run high-speed brute-force password attacks against Microsoft 365 accounts worldwide, with a 10% success rate. The campaign began on January 6, 2025, and targets Azure Active Directory. Most attacks originate from Brazil and involve flooding targets with multi-factor authentication (MFA) prompts. Microsoft warns that the resulting account takeovers can lead to data breaches. Administrators can use a provided PowerShell script to identify affected accounts and are advised to take immediate security measures if malicious activity is detected.

https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

Microsoft to Force Install New Outlook on Windows 10 PCs in February

Microsoft will force the installation of the new Outlook on Windows 10 starting in February via a security update. Users who deploy the optional January update will receive it first; everyone else will get it with the February update. Classic Outlook remains intact, and although the installation cannot be blocked, users can uninstall the new app afterward. The new Outlook was previewed in May 2022 and is now available for personal and commercial accounts.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-new-outlook-on-windows-10-pcs-in-february/

Payload Trends in Malicious OneNote Samples

Extreme TLDR: Attackers abuse Microsoft OneNote for phishing by embedding payloads, primarily behind images and buttons that execute malicious scripts or binaries when clicked. Analysis of 6,000 samples shows a variety of payload types, including JavaScript, VBScript, and EXE files, with a trend toward smaller file sizes for stealth. Organizations are advised to block dangerous extensions and monitor embedded objects in OneNote files to mitigate the risk.
