Neowin News Feed for: Msrc

New phishing scam uses legit software to hijack computers, but the real story is even wilder

Ivan Jenic — Wed, 04 Mar 2026 05:28:01 +0000

Shell companies, EV certificates, and malware subscription services: take a closer look at one of the most audacious phishing scams in recent memory. Read more...

Microsoft blocks a way for user sign-in on Windows 11 25H2 24H2, and for good reason

Sayan Sen — Fri, 13 Feb 2026 14:54:01 +0000

Microsoft has recently blocked a convenient way to sign-in or authenticate on all Windows 11 versions as well as on 10. The company has explained why. Read more...

Microsoft Copilot's quiet flaw exposes audit log failures

Paul Hill — Wed, 20 Aug 2025 03:22:01 +0000

A researcher who reported a serious issue to Microsoft related to Copilot messing with audit logs has hit out at the firm for failing to inform customers. Read more...

A 13-year-old prodigy helped improve the security of Microsoft products

Usama Jawad — Wed, 02 Jul 2025 10:28:01 +0000

Microsoft has shared the story of a child prodigy, with whom the company has been working since he was 13 years old, to improve the security of its products. Read more...

Microsoft shares "immediate remediation" script if you deleted this Windows system folder

Sayan Sen — Fri, 06 Jun 2025 21:44:01 +0000

Microsoft has shared a PowerShell script in case you mistakenly deleted a system folder believing it was malicious. The company recommends "immediate remediation." Read more...

Microsoft posts guidance for CVE-2024-21302 VBS flaw that downgrades modern Windows PCs

Sayan Sen — Wed, 14 Aug 2024 16:36:01 +0000

Microsoft has published a detailed guidance post on how to deal with a recently uncovered security vulnerability that can downgrade almost all modern Windows 11/10/Server PCs with VBS. Read more...

Critical vulnerability in Microsoft Azure Health Bot Service exposed cross-tenant resources

Pradeep Viswanathan — Wed, 14 Aug 2024 04:54:02 +0000

Tenable discovered two security vulnerabilities in Microsoft's Azure Health Bot service. The first vulnerability, found in the "Data Connections" feature, allowed unauthorized access to resources. Read more...

Microsoft shares official Windows Registry tweak as the Spectre still haunts Intel in 2024

Sayan Sen — Sat, 13 Apr 2024 18:34:02 +0000

Remember the Spectre CPU vulnerability that reared its head for the first time in 2017? Variant 2 of Spectre is back, and as such, Microsoft has published guidance about the mitigation. Read more...

Microsoft calls out security firm for exaggerating impact of BlueBleed misconfiguration

Usama Jawad — Thu, 20 Oct 2022 04:46:01 +0000

Microsoft has published an advisory about a misconfiguration that led to its own, customer, and partner data being exposed. It has also called out security researchers for mishandling the disclosure. Read more...

Microsoft accused of slashing bug bounty rewards by up to 90%, allege security researchers

Sayan Sen — Tue, 23 Nov 2021 15:48:01 +0000

Microsoft has been accused of slashing bug bounty reward money by large amounts by several security researchers. One of them said his finding was worth just 10% compared to the earlier value. Read more...

Microsoft acknowledges Windows zero-day that leverages Office files for attacks

Abhay V — Wed, 08 Sep 2021 16:14:01 +0000

Microsoft has acknowledged that it is investigating a Windows zero-day vulnerability that is currently being exploited in the wild. The firm has provided a workaround that involves AcitveX controls. Read more...

Spectre Variant 4 disclosed, mitigations to result in another performance hit

Usama Jawad — Tue, 22 May 2018 04:52:01 +0000

New variants of Spectre have been discovered by Microsoft and Google, which allow attackers to read privileged data. While mitigations will be available soon, they will result in a performance hit. Read more...