Microsoft Support & Discussions
Free PC Help Forum microsoft products support and discussions. If you need help with Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product you can post here. If you want to discuss Microsoft and their line of products you can do that here also.
84,928 topics in this forum
-
How to get the best of Windows on the Microsoft 365 admin center
by Guest Mabel_Gomes- 0 replies
- 0 views
Time flies and it's hard to believe that one year ago, in April 2021, we were concluding the rollout of Windows release heath and Windows message center content[1] to the Microsoft 365 admin center. We want to take advantage of this one-year anniversary to share some good news about a brand-new capability, and to remind you how to get the best Windows content from the admin center so you stay informed about both known issues and important, upcoming changes. Let's start with some news worth celebrating: Message center posts about Windows are now returned via the Service Comms Graph API. Initially, admin center users were able to use the service communications API in Mic…
-
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
by Guest msrc- 0 replies
- 0 views
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user … Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution Read More » Continue reading...
-
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
by Cloaked-
- FPCH Admin
- 0 replies
- 0 views
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases.
Last reply by Cloaked, -
-
How one senior developer brings the startup spirit to Microsoft
by Guest Christine Barrett- 0 replies
- 0 views
I recently had the opportunity to visit the Microsoft Africa Development Center, in my role as executive sponsor, for dedication ceremonies we hosted in both Nigeria and Kenya. All I have to say is, “Wow!” The energy at the ADC is simply electric. There’s so much optimism and so much enthusiasm for our plans to continue hiring engineers in ADC-West (Lagos) and ADC-East (Nairobi). Spending time at the ADC reminded me of my early days at Microsoft when we were a much smaller company with a much shorter history, and I was working on a brand-new team. There’s something incredibly special about being there at the beginning, which software engineer George Maina understands f…
-
-
- FPCH Admin
- 0 replies
- 271 views
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution. Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices. We discovered the vulnerabilities by listening to messages on the Sy…
Last reply by AWS, -
-
-
- FPCH Admin
- 1 follower
- 1 reply
- 447 views
Microsoft's upgrade to Windows 11 is largely considered the smoothest we've ever had. The Microsoft Digital Employee Experience team was able to upgrade 190,000 employee devices in just five weeks. We learned a lot so, in this post, I'm sharing our learnings with you to help with your deployment journey. Our success was built around several factors: far fewer app compatibility challenges than in the past, not needing to build out a plethora of disk images, and delivery processes and tools already that were greatly improved during the rollout of Windows 10. We divided our upgrade into three stages: plan, prepare, and deploy. Start with a good plan First, we had …
Last reply by Tony D, -
-
Microsoft best practices for managing IoT security concerns
by Guest Christine Barrett- 0 replies
- 1 view
The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals’ daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. IoT is transforming the way businesses function, and more rapidly than ever, industrial IoT, manufacturing, and critical infrastructure are depending on IoT for their operations. However, due to the complicated nature of IoT, when implementing and managing IoT, security must be top of mind. During a thorough survey, organizations were asked about their top security concerns when impl…
-
Discover the anatomy of an external cyberattack surface with new RiskIQ report
by Guest Christine Barrett- 0 replies
- 0 views
The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against internet-facing systems have served as a wake-up call. Now that Zero Trust has become the gold standard for enterprise security, it’s critical that organizations gain a complete picture of their attack surface—both external and internal. Microsoft acquired RiskIQ in 2021 to help organizations assess the security of their entire digital enterprise.1 Powered by the RiskIQ Internet Intelligence Graph, organizations can disc…
-
- 0 replies
- 0 views
Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q1 Security Researcher Leaderboard are: Yuki Chen, William Söderberg, … Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 0 views
Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q1 Security Researcher Leaderboard are: Yuki Chen, William Söderberg, and Terry Zhang @pnig0s!
Last reply by Cloaked, -
-
The future of compliance and data governance is here: Introducing Microsoft Purview
by Guest Emma Jones- 0 replies
- 0 views
The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of convenience to a cornerstone of communication. People in business, operations, and technical roles became adept at stitching together disparate solutions to meet changing needs. But constant connectivity brings evolving, inherent risks. Over the past two years, organizations have seen a massive increase in their digital footprint, leading to data fragmentation and growth across …
-
- 1 follower
- 4 replies
- 569 views
basically all my pc connected with ethernet to the modem, sometime work and sometime don't, when they don't i get the error "ip configuration not valid" This is happening from when i changed my modem/internet connection , probably is configured bad but i have no idea of how to check it This problem pops up only on pc connected with ethernet, all wifi device are connected and have no problem also if i change the spot of the ethernet cable multiple times then it work again, or if i do right click on the internet icon in the bottom right of windows and then "troubleshooting" Does anyone know why is happening and how i can fix it? thanks!
Last reply by toel, -
-
- FPCH Admin
- 0 replies
- 224 views
Today’s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality. We start off with some observations and insights on how people are seeing Zero Trust, then highlight some great work at the National Institute of Standards and Technology (NIST) to make Zero Trust real using products available today, and then highlight work being done at The Open Group to standardize Zero Trust (including an origin story of The Jericho …
Last reply by AWS, -
-
- 0 replies
- 1 view
We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to … Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs Read More » Continue reading...
-
How to provide feedback on Windows 365
by Guest Bryan_Taylor- 0 replies
- 1 view
We're improving our product feedback and feature request process by integrating Windows 365 into the Microsoft Feedback Portal, a consolidated destination for providing feedback on the broad catalog of Microsoft products that support modern work, including Windows, Microsoft 365 Apps, and Microsoft Teams. Effective immediately, please submit any feedback and feature requests for Windows 365 by visiting https://aka.ms/w365feedback. We have begun the process of decommissioning the Windows 365 feature requests board here in the Windows Tech Community, which has now been set to read-only. If you previously submitted requests or feedback for Windows 365 via that board, rest…
-
-
- FPCH Admin
- 0 replies
- 0 views
We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions.
Last reply by Cloaked, -
-
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
by Guest Paul Oliveria- 0 replies
- 0 views
As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be leveraged by operators to distribute the trojan or activate deployed payloads like ransomware. Moreover, we are sharing this intelligence to emphasize the importance of collaboration throughout the larger security community. Below, we will detail the various aspects for identifying a ZLoader campaign. Derived from the Zeus banking trojan first discovered in 2007, ZLoader is a ma…
-
-
- FPCH Admin
- 0 replies
- 251 views
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Center (MSTIC) identified a multi-stage attack targeting the Zoho Manage Engine Rest API authentication bypass vulnerability to initially implant a Godzilla web shell with similar properties detailed by the Unit42 team in a previous blog. Microsoft attributes this set of activity to HAFNIUM and not TG-3390/APT 27/IODINE as mentioned in the Unit42 blog. Microsoft observed HAFNIUM …
Last reply by AWS, -
-
Learn the latest cybersecurity techniques at the Microsoft Security Summit
by Guest Christine Barrett- 0 replies
- 1 view
In a world marked by change and uncertainty, innovation is more than a nice-to-have—it’s vital to any healthy organization. But fearless innovation becomes impossible when gaps in security can put those ideas at risk. Many organizations try to increase their defenses by piecing together a patchwork of security solutions over time. Not only is this piecemeal approach costly and difficult to manage, but it also leaves many security administrators wondering, “Did I miss something?” Safeguard your future with the latest security innovations On May 12, 2022, at the Microsoft Security Summit digital event, join other cybersecurity professionals in exploring how a com…
-
-
- FPCH Admin
- 1 follower
- 1 reply
- 387 views
As an IT admin, your job is to keep the devices and the people who use them in your organization protected and productive. Part of that is centered on the update experience, and today we want to announce some new capabilities that will make that experience better than ever. Windows 11 will soon enable you to have an update experience more tailored to your organization and a more user-friendly experience. If you are running Windows Insider Preview Build 21277 or later, you can take advantage of new capabilities in the native Windows Update experience and leverage the native update experience with Microsoft Endpoint Configuration Manager. Use the step-by-step guides b…
Last reply by Tony D, -
-
Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report
by Guest Christine Barrett- 0 replies
- 1 view
We are excited to share that Microsoft has been named a leader in The Forrester Wave: Enterprise Detection and Response, Q1 2022. Microsoft received one of the highest scores in the strategy category and strength of current offering category. In the Forrester Wave assessment, Microsoft Defender for Endpoint received the highest score possible in 15 separate criteria including endpoint telemetry, investigation capabilities, threat hunting capabilities, user experience, product vision, and innovation roadmap. “Microsoft has made itself a powerhouse in security innovation and EDR. Microsoft has a vision to protect all endpoints through a combination of prevention, det…
-
Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations
by Guest Katie McCafferty- 0 replies
- 0 views
For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations. Showcasing the value of an integrated XDR based defense that unifies device and identity protection with a Zero Trust approach: Complete visibility and analytics to all stages of the attack chain 100% protection, blocking all stages in early steps Each attack generated a single comprehensive incident for the SOC Differentiated XDR capabilities with integrated identity protection Protection for Linux across all attack stages Deep integrated Windows device sensors Leading with product truth and a …
-
Microsoft’s Response to CVE-2022-22965 Spring Framework
by Guest msrc- 0 replies
- 1 view
Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability. Threat analysis of the … Microsoft’s Response to CVE-2022-22965 Spring Framework Read More » Continue reading...
-
Join us April 7th for Tech Community Live: Windows edition
by Guest Heather Poulsen- 0 replies
- 0 views
Today, we revealed new and upcoming features to help your organization (and IT team) support hybrid work across your Windows ecosystem efficiently and securely. If you have questions about these capabilities—or about deploying, securing, and managing Windows devices in general—join us this Thursday, April 7th, for the second Windows edition of Tech Community Live! Save the date, RSVP, and join any or all of the 3 Tech Community Live sessions: Tech Community Live: Windows edition How does it work? This event will feature three live-streamed Ask Microsoft Anything (AMA) sessions with creators and experts from the engineering and product teams answering questions …
-
Randomizing the KUSER_SHARED_DATA Structure on Windows
by Guest Rohit Mothe- 0 replies
- 0 views
Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increases the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations including kernel stacks, pools, system PTEs etc. are randomized. A well-known exception to this is the KUSER_SHARED_DATA structure which is a page … Randomizing the KUSER_SHARED_DATA Structure on Windows Read More » Continue reading...