6 articles tagged with "Microsoft".
Microsoft will disable the 33-year-old NTLM authentication protocol by default in future Windows releases through a phased rollout: enhanced auditing now, Kerberos improvements in H2 2026, and disabled-by-default in future major releases.
Microsoft introduces new Purview DLP integration, sensitivity label enforcement, and oversharing assessment tools for Copilot for Microsoft 365, responding to widespread CISO concerns about AI assistants accessing sensitive data through existing permissions.
Varonis discovered a prompt injection attack chain that could steal sensitive data from Microsoft Copilot with a single click, bypassing safety filters through double-request and chain-request techniques. Patched January 13, 2026.
CVE-2026-21509 bypasses OLE security mitigations in Microsoft Office. Russia-linked APT28 is exploiting it against targets in Ukraine and the EU. Emergency patches available.
Coordinated action with UK, German authorities, and Europol takes down subscription service that operated 2,600 VMs sending over 1 million phishing emails daily. Microsoft's 35th civil action against cybercrime.
Monthly security update addresses 114 CVEs including CVE-2026-20805, a Windows Desktop Window Manager flaw under active exploitation enabling ASLR bypass. Eight critical RCE and privilege escalation flaws patched.