Microsoft

AI-powered Bing Chat spills its secrets via prompt injection attack

posted on February 11, 2023
by l33tdawg
Credit: Ars Technica

On Tuesday, Microsoft revealed a "New Bing" search engine and conversational bot powered by ChatGPT-like technology from OpenAI. On Wednesday, a Stanford University student named Kevin Liu used a prompt injection attack to discover Bing Chat's initial prompt, which is a list of statements that governs how it interacts with people who use the service. Bing Chat is currently available only on a limited basis to specific early testers.

0-days sold by Austrian firm used to hack Windows users, Microsoft says

posted on July 28, 2022
by l33tdawg
Credit: Ars Technica

Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America. Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for “automated exfiltration of sensitive/private data” and “tailored access operations [including] identification, tracking and infiltration of threats.”

Internet Explorer was once synonymous with the Internet, but today it’s gone for good

posted on June 16, 2022
by l33tdawg
Credit: Ars Technica

Microsoft's Internet Explorer has died many deaths over the years, but today is the one that counts. The final version of the browser, Internet Explorer 11, will no longer receive support or security updates starting today, and it will gradually be removed from Windows 10 PCs via a Windows Update at some point in the future. It was never installed on Windows 11 PCs at all.

New Microsoft Office zero-day used in attacks to execute PowerShell

posted on May 30, 2022
by l33tdawg
Credit: Bleeping Computer

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.

The vulnerability, which has yet to receive a tracking number and is referred to by the infosec community as 'Follina,' is leveraged using malicious Word documents that execute PowerShell commands via the MSDT.

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

posted on April 13, 2022
by l33tdawg
Credit: Bleeping Computer

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today's update, with ten classified as Critical as they allow remote code execution.

Microsoft detects Spring4Shell attacks across its cloud services

posted on April 5, 2022
by l33tdawg
Credit: Bleeping Computer

Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.

The Spring4Shell vulnerability (tracked as CVE-2022-22965) impacts the Spring Framework, described as the "most widely used lightweight open-source framework for Java."

Microsoft is making it harder to steal Windows passwords from memory

posted on February 14, 2022
by l33tdawg
Credit: Bleeping Computer

Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process.

When threat actors compromise a network, they attempt to spread laterally to other devices by stealing credentials or using exploits.

Amid rumors of Microsoft acquisition, Mandiant reports Q4 revenue of $132 million

posted on February 9, 2022
by l33tdawg
Credit: Bloomberg

Microsoft Corp. is in talks to acquire cybersecurity research and incident response company Mandiant Inc., according to people familiar with the discussions, a deal that would bolster efforts to protect customers from hacks and breaches.

The deliberations may not result in an offer, said the people, who asked not to be identified because the talks are private. Mandiant and Microsoft declined to comment. Mandiant shares surged 18% in New York, bringing its market value to almost $4.3 billion. Microsoft stock gained 1.2% to $304.56.