Microsoft Support & Discussions
Free PC Help Forum microsoft products support and discussions. If you need help with Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product you can post here. If you want to discuss Microsoft and their line of products you can do that here also.
84,928 topics in this forum
-
Build a stronger cybersecurity team through diversity and training
by Guest Pooja Parab- 0 replies
- 1 view
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series, Microsoft Security Product Marketing Manager Natalia Godyla talks with Heath Adams, Chief Executive Officer (CEO) at TCM Security about being a mentor, hiring new security talent, certifications, upskilling, the future of cybersecurity training, and lots more. Natalia: What do you recommend to security leaders concerned with the talent shortfall? Heath: There needs to be more openness and getting away from gatekeeping. In this industry, there’s a lot of, “I went throug…
-
An Armful of CHERIs
by Guest Saar Amar- 0 replies
- 1 view
Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing. Morello is the first high-performance implementation of the CHERI extensions. … An Armful of CHERIs Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 0 views
Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing. Morello is the first high-performance implementation of the CHERI extensions.
Last reply by Cloaked, -
-
Destructive malware targeting Ukrainian organizations
by Guest Microsoft 365 Defender Threat Intelligence Team- 0 replies
- 0 views
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to proactively protect from any malicious activity. While our investigation is continuing, MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware, which is designed to look like ransomware …
-
Learn about 4 approaches to comprehensive security that help leaders be fearless
by Guest Emma Jones- 0 replies
- 0 views
The last 18 months have put unprecedented pressure on organizations to speed up their digital transformation as remote and hybrid work continue to become the new normal. Yet even with all the change and uncertainty, having the right security support system in place means your organization can still move forward confidently to turn your vision into reality. I’ve seen our customers demonstrate this fearlessness every day, and I love learning from them as we stand together against ongoing threats. According to the Microsoft Zero Trust Adoption report,1 security is the top concern for organizations moving to hybrid work, and it’s the number one reason that security profess…
-
-
- FPCH Admin
- 0 replies
- 352 views
With five months left until Internet Explorer 11 (IE11) retires on June 15, 2022 (for certain versions of Windows 10), it’s time to configure and test Internet Explorer (IE) mode in Microsoft Edge to make sure your business and your users are ready. This is also crucial if you are planning to upgrade to Windows 11 as Microsoft Edge with IE mode has officially replaced IE11 on that operating system and cannot be installed. If you’re just getting started with IE mode, stop before reading past this paragraph! We recommend you read our IE mode Getting Started Guide on our website or attend one of our webinars. While we wish we could offer 1:1 consultation for everyone, cus…
Last reply by AWS, -
-
New testing tools and tips to help prepare for IE retirement
by Guest Eric_VanAelstyn- 0 replies
- 1 view
With five months left until Internet Explorer 11 (IE11) retires on June 15, 2022 (for certain versions of Windows 10), it’s time to configure and test Internet Explorer (IE) mode in Microsoft Edge to make sure your business and your users are ready. This is also crucial if you are planning to upgrade to Windows 11 as Microsoft Edge with IE mode has officially replaced IE11 on that operating system and cannot be installed. If you’re just getting started with IE mode, stop before reading past this paragraph! We recommend you read our IE mode Getting Started Guide on our website or attend one of our webinars. While we wish we could offer 1:1 consultation for everyone, cus…
-
Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study
by Guest Pooja Parab- 0 replies
- 0 views
In the last two years, we’ve seen a staggering increase in the adoption of cloud-based services, remote work solutions, bring your own device (BYOD), and IoT devices as organizations digitally transform themselves to enable a hybrid workforce.1 Zero Trust has become the essential security strategy for successfully preventing data breaches and mitigating risk in today’s complex cybersecurity landscape. Implementing a Zero Trust security strategy, however, is a significant undertaking that requires in-depth planning, cross-company collaboration, and resources. Organizations need solutions that simplify and accelerate the adoption of Zero Trust by offering flexibility, in…
-
Coming Soon: New Security Update Guide Notification System
by Guest Lisa Olson- 0 replies
- 0 views
Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are excited to share that starting today, you can … Coming Soon: New Security Update Guide Notification System Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 0 views
Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are excited to share that starting today, you can sign up with any email address that you want and receive notifications at that email address.
Last reply by Cloaked, -
-
Align your security and network teams to Zero Trust security demands
by Guest Pooja Parab- 0 replies
- 0 views
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Jennifer Minella, Founder and Principal Advisor on Network Security at Viszen Security about strategies for aligning the security operations center (SOC) and network operations center (NOC) to meet the demands of Zero Trust and protect your enterprise. Natalia: In your experience, why are there challenges bringing together networking and security teams? Jennifer: Ultimately, it’s about trust. As someone wh…
-
-
- FPCH Admin
- 0 replies
- 367 views
Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible. Introduced by Apple in 20…
Last reply by AWS, -
-
What you need to know about how cryptography impacts your security strategy
by Guest Pooja Parab- 0 replies
- 1 view
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Taurus SA Co-founder and Chief Security Officer Jean-Philippe “JP” Aumasson, author of “Serious Cryptography.” In this blog post, JP shares insights on learning and applying cryptography knowledge to strengthen your cybersecurity strategy. Natalia: What drew you to the discipline of cryptography? JP: People often associate cryptography with mathematics. In my case, I was not good at math when I…
-
Azure App Service Linux source repository exposure
by Guest msrc- 0 replies
- 1 view
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible … Azure App Service Linux source repository exposure Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 0 views
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public.
Last reply by Cloaked, -
-
Modernize security with Microsoft Edge and IE mode
by Guest Gennevi- 0 replies
- 1 view
Are you ensuring your organization is secured with a modern web browser? On June 15, 2022, Internet Explorer 11 (“IE11”) desktop application will retire and go out of support for certain versions of Windows 10. With the rise of phishing attacks and users spending 60% of their time in the browser while on a PC, the browser is an important vector to consider in your organization’s Zero Trust strategy. The shift to remote and hybrid work has increased our reliance on web applications, both modern and legacy, that are critical for business productivity and success. This means that choosing the right browser for your business is crucial in defending against the evolving threat…
-
The final report on NOBELIUM’s unprecedented nation-state attack
by Guest Pooja Parab- 0 replies
- 1 view
This is the final post in a four-part series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pulls the curtain back on the NOBELIUM incident and how world-class threat hunters from Microsoft and around the industry came together to take on the most sophisticated nation-state attack in history. In this last post, we’ll reflect on lessons learned as covered in the of the docuseries. Nation-state attacks are a serious and growing threat that organizations of all sizes fac…
-
Windows 365 Business supports Windows 11 and enhanced admin capabilities
by Guest Joydeep Mukherjee- 0 replies
- 1 view
Originally announced at Microsoft Ignite earlier this year, the following new capabilities are now generally available for all Windows 365 Business customers: Windows 11 support: Experience Windows 11 in the cloud on any device. Windows 365 Business provides a powerful, simple, and secure Windows 11 experience for your users. Enhanced admin capabilities: Benefit from new lifecycle management features, including setting the default operating system (OS) and account type for your users' devices at the organizational level, as well as device-level actions on individual Cloud PCs. Microsoft Graph API availability: Graph APIs are available for Windows 365 Business, so or…
-
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities
by Guest Stephanie Calabrese- 0 replies
- 0 views
“When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming: The Expanse and Lost in Space on Netflix Currently listening to: Amorphis, Architects, and Killswitch Engage Currently running: 130 kilometers (or ~80 miles) a month Currently playing: Floorball (a type of floor hockey with five players and a goalkeeper) … Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities Read More » Continue reading...
-
Your guide to mobile digital forensics
by Guest Emma Jones- 0 replies
- 0 views
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite Senior Director of Digital Intelligence Heather Mahalik. In this blog post, Heather talks about digital forensics, from technical guidance to hiring best practices, with a special focus on mobile forensics. Natalia: What is digital forensics and why is it important? Heather: Cybersecurity is more about prevention, protection, and defense. Digital forensics is the response and is typically trigg…
-
-
- FPCH Admin
- 0 replies
- 0 views
“When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming : The Expanse and Lost in Space on Netflix Currently listening to : Amorphis, Architects, and Killswitch Engage Currently running : 130 kilometers (or ~80 miles) a month Currently playing : Floorball (a type of floor hockey with five players and a goalkeeper)
Last reply by Cloaked, -
-
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
by Guest Microsoft 365 Defender Threat Intelligence Team- 0 replies
- 0 views
Microsoft’s unified threat intelligence team, comprising the Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, RiskIQ, and the Microsoft Detection and Response Team (DART), among others, have been tracking threats taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell”. The vulnerability allows unauthenticated remote code execution, and it is triggered when a specially crafted string provided by the attacker through a variety of different input vectors is parsed and processed by the Log4j 2 vulnerable component. For more technical and mitigation information…
-
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
by Guest MSRC Team- 0 replies
- 0 views
Published on: 2021 Dec 11 SUMMARY Microsoft is investigating the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical … Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 0 views
Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of the initial disclosure involving Minecraft: Java Edition, to the security of our enterprise services and has not experienced any degradation in availability of those services as a result of this vulnerability.
Last reply by Cloaked, -
-
-
- FPCH Admin
- 1 follower
- 1 reply
- 298 views
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan, Qakbot has evolved into a multi-purpose malware that provides attackers with a wide range of capabilities: performing reconnaissance and lateral movement, gathering and exfiltrating data, or delivering other payloads on affected devices. Its modular nature allows Qakbot to persist in today’s computing landscape because it enables attackers to pick and choose the “building blocks” …
Last reply by Tony D, -