Found 3 bookmarks
Newest
Microsoft Outlook to block more risky attachments used in attacks
Microsoft Outlook to block more risky attachments used in attacks
Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. The company said on Monday in a Microsoft 365 Message Center update that Outlook will block .library-ms and .search-ms file types beginning in July. "As part of our ongoing efforts to enhance security in Outlook Web and the New Outlook for Windows, we're updating the default list of blocked file types in OwaMailboxPolicy," Microsoft said. "Starting in early July 2025, the [.library-ms and .search-ms] file types will be added to the BlockedFileTypes list."
#bleepingcomputer#EN#2025#Microsoft#New-Outlook#Outlook#Outlook-on-the-web#Windows
·bleepingcomputer.com·
Microsoft Outlook to block more risky attachments used in attacks
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
Researchers say the behavior amounts to a persistent backdoor. rom the department of head scratches comes this counterintuitive news: Microsoft says it has no plans to change a remote login protocol in Windows that allows people to log in to machines using passwords that have been revoked. Password changes are among the first steps people should take in the event that a password has been leaked or an account has been compromised. People expect that once they've taken this step, none of the devices that relied on the password can be accessed. The Remote Desktop Protocol—the proprietary mechanism built into Windows for allowing a remote user to log in to and control a machine as if they were directly in front of it—however, will in many cases continue trusting a password even after a user has changed it. Microsoft says the behavior is a design decision to ensure users never get locked out. Independent security researcher Daniel Wade reported the behavior earlier this month to the Microsoft Security Response Center. In the report, he provided step-by-step instructions for reproducing the behavior. He went on to warn that the design defies nearly universal expectations that once a password has been changed, it can no longer give access to any devices or accounts associated with it.
#arstechnica#EN#2025#RDP#revoked#passwords#Microsoft#Windows
·arstechnica.com·
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.