-
In a recent setback for Windows administrators, Microsoft’s October 2025 security update addressing a critical vulnerability in Windows Server Update Services (WSUS) has inadvertently broken hotpatching functionality on a subset of Windows Server 2025 systems. The flaw, tracked as CVE-2025-59287, allows remote code execution in WSUS environments, posing significant risks to enterprise update infrastructures. Microsoft […] The post Microsoft Patch for WSUS Vulnerability has Broken Hotpatching on Windows Server 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Tier Zero Security have released a specialised Beacon Object File (BOF) tool that exploits a critical weakness in Microsoft Teams cookie encryption, enabling attackers to steal user chat messages and other sensitive communi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has launched Researcher with Computer Use in Microsoft 365 Copilot, marking a significant advancement in autonomous AI technology. This new feature allows the AI assistant to move beyond simple research tasks and actively perform actions on behalf of users through a secure virtual computer environment. The innovation enables Copilot to navigate public websites, access […] The post Microsoft Introduces Researcher in 365 Copilot: Your Secure Virtual Assistant for Enhanced Productivity appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA), working alongside the National Security Agency and international cybersecurity partners, has released a comprehensive security guidance document focused on hardening Microsoft Exchange server…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a timely response to escalating threats against email infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and Canadian Centre for Cyber Security, released a comprehensive guide on October 2025 outlining best practices for securing on-premises Microsoft Exchange Servers. Titled “Microsoft Exchange Server Security […] The post CISA Releases Best Security Practices Guide for Hardening Microsoft Exchange Server appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern fo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft reported a DNS-related outage on October 29, 2025, affecting access to key services, including Microsoft Azure and Microsoft 365. The issue surfaced around 9:37 PM GMT+5:30, leaving users unable to reach the Microsoft 365 admin center and experiencing widespread delays in other applications. Businesses relying on these platforms for email, collaboration tools, and cloud […] The post Microsoft DNS Outage Disrupts Azure and Microsoft 365 Services Worldwide appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Australia’s competition regulator has filed legal proceedings against Microsoft for allegedly misleading approximately 2.7 million Australian consumers regarding subscription options and pricing for Microsoft 365 plans. The Australian Competition and Consumer Commission claims that Microsoft deliberately concealed the availability of cheaper alternative plans when integrating its AI assistant Copilot into subscription offerings. The core of […] The post Microsoft Sued for Allegedly Misleading Millions to Subscribe for Microsoft 365 Subscriptions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released a critical security update addressing a severe vulnerability in ASP.NET Core that could enable attackers to execute HTTP request smuggling attacks. On October 14, 2025, the company issued patches for CVE-2025-55315, a security fe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
