End-of-life doesn’t mean no longer a threat. Microsoft decided to release security updates for no longer supported Windows 2003 and Windows XP systems to fix a bug that could be exploited by a worm.
Users who hate having to change their Windows passwords every 60 days can rejoice: Microsoft now agrees that there is no point to forced password changes and will be removing that recommendation from its security recommendations.
Security professionals struggling with securely configuring Windows 10 devices can look at Microsoft's new security configuration framework.
Microsoft has taken over 99 domains used by the Phosphorus attack group, which has ties to the Iranian government.
From an attacker’s perspective, the wider the net cast, the more number of potential victims caught. So it’s no surprise that Recorded Future research indicates attackers continue to rely heavily on exploits targeting Microsoft applications.