Bleeping Computer: Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws

Bleeping Computer: Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws. “Today is Microsoft’s September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. Five of the 63 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities.”

Ars Technica: Microsoft finds TikTok vulnerability that allowed one-click account compromises

Ars Technica: Microsoft finds TikTok vulnerability that allowed one-click account compromises. “Microsoft said on Wednesday that it recently identified a vulnerability in TikTok’s Android app that could allow attackers to hijack accounts when users did nothing more than click on a single errant link. The software maker said it notified TikTok of the vulnerability in February and that the China-based social media company has since fixed the flaw, which is tracked as CVE-2022-28799.”

Sky News: Criminals posting counterfeit Microsoft products to get access to victims’ computers

Sky News: Criminals posting counterfeit Microsoft products to get access to victims’ computers. “One such package seen by Sky News is manufactured to a convincing standard and contains an engraved USB drive, alongside a product key. But the USB does not install Microsoft Office when plugged in to a computer. Instead, it contains malicious software which encourages the victim to call a fake support line and hand over access to their PC to a remote attacker.”

Krebs on Security: Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security: Microsoft Patch Tuesday, August 2022 Edition. “Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.”

Bleeping Computer: Microsoft starts blocking Office macros by default, once again

Bleeping Computer: Microsoft starts blocking Office macros by default, once again. “Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback. The change comes after the company improved its user and admin support documentation to make it easier to understand the available options when a macro is blocked.”

BetaNews: Microsoft changes its policy against the sale of open source software in the Microsoft Store

BetaNews: Microsoft changes its policy against the sale of open source software in the Microsoft Store . “Having previously upset software developers by implementing a ban on the sale of open source software in its app store, Microsoft has reversed its decision. The company says that it has listened to feedback — which was vocal and negative — and has updated the Microsoft Stores Policies, removing references to open source pricing. Microsoft has also clarified just why it put the ban in place.”

ZDNet: Microsoft makes sharing Excel workbooks in Teams happen in real-time with ‘Excel Live’

ZDNet: Microsoft makes sharing Excel workbooks in Teams happen in real-time with ‘Excel Live’. “Microsoft is continuing to make real-time collaboration actually work inside Teams. Its latest effort in this space is called Excel Live. This feature will be available in public preview at the end of August. Microsoft officials announced Excel Live on Day 1 of the company’s annual Inspire partner conference on July 19.”

Microsoft Blog: A street-by-street view of digital inequity in the United States

Microsoft Blog: A street-by-street view of digital inequity in the United States. “Today, Microsoft is releasing a new Digital Equity Data Dashboard to help create better understanding of the economic opportunity gaps in towns, cities and neighborhoods across the United States. The new tool was developed by our Chief Data Science Officer Juan Lavista Ferres and the Microsoft AI for Good Lab, and aggregates public data from the Census Bureau, Federal Communications Commission (FCC), BroadbandNow and Microsoft’s own Broadband Usage Data.”