Microsoft – Page 17 – PossibleThreat Articles

MalwareBytes Security

Microsoft fixes driver blocklist placing users at risk from BYOVD attacks

October 20, 2022 0 Comments blocklist, bring your own vulnerable driver, byovd, Microsoft, news, windows updates

Categories: News

Tags: BYOVD

Tags: bring your own vulnerable driver

Tags: blocklist

Tags: microsoft

Tags: windows updates

We take a look at reports that Microsoft’s driver blocklist hadn’t been updated for three years, leaving people at risk from BYOVD attacks.

(Read more…)

The post Microsoft fixes driver blocklist placing users at risk from BYOVD attacks appeared first on Malwarebytes Labs.

Security Sophos

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

October 20, 2022 0 Comments Cryptography, data breach, data loss, Microsoft, Naked Security Podcast, office, Patch Tuesday, Podcast, Privacy, zoom

Credit to Author: Paul Ducklin| Date: Thu, 20 Oct 2022 16:54:12 +0000

The coolest video game ever! And lots of solid cybersecurity advice – listen now!

ComputerWorld Independent

Zero-day flaws mean it's time to patch Exchange and Windows

October 17, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.

To read this article in full, please click here

ComputerWorld Independent

Zero-days flaws mean it's time to patch Exchange and Windows

October 14, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.

To read this article in full, please click here

Security Sophos

Serious Security: Microsoft Office 365 attacked over feeble encryption

October 14, 2022 0 Comments Cryptography, ecb, Microsoft, office, Windows

Credit to Author: Paul Ducklin| Date: Fri, 14 Oct 2022 16:59:25 +0000

How 2022 is your encryption?

MalwareBytes Security

Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected

October 12, 2022 0 Comments Adobe, Android, Apple, cve-2022-41033, cve-2022-41040, Exploits and vulnerabilities, fortinet, Google, Microsoft, news, Samsung, sap, vmware, xiaomi, zero day

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Android

Tags: Samsung

Tags: Xiaomi

Tags: Adobe

Tags: SAP

Tags: VMWare

Tags: Fortinet

Tags: CVE-2022-41033

Tags: CVE-2022-41040

Tags: zero-day

No fix for ProxyNotShell

(Read more…)

The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.

Security Sophos

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

October 12, 2022 0 Comments 0 day, Exploit, Microsoft, Patch Tuesday, vulnerability, Windows

Credit to Author: Paul Ducklin| Date: Wed, 12 Oct 2022 16:58:26 +0000

There’s a zero-day patch, but it’s not for the zero-day you thought.

Security Sophos

You can’t always get what you want on Patch Tuesday

October 11, 2022 0 Comments Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Tue, 11 Oct 2022 17:47:47 +0000

No joy for Exchange admins looking to seal off two widely reported Server vulns

Security Sophos

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

October 10, 2022 0 Comments Cryptography, exchange, Microsoft, modern auth, oath, oauth, Podcast, totp

Credit to Author: Paul Ducklin| Date: Mon, 10 Oct 2022 14:02:13 +0000

Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it.

Security Sophos

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

October 6, 2022 0 Comments :proxynotshell, BEC, bust, exchange, Exploit, Law & order, Microsoft, Naked Security Podcast, Podcast, robocalls, romance scam, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 06 Oct 2022 14:43:53 +0000

Latest episode – listen and learn now (or read and revise, if the written word is your thing)…