Explore Microsoft’s AI innovations at RSA Conference 2024
Will you be at the RSA Conference? Join us for Microsoft Pre-Day, sessions, and other events for insights on leading in AI. Keep reading for what to expect at the event.
Read about the latest updates to our Microsoft Security Experts product offerings.
Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment to gain access and elevated permissions to a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM). The attackers then used the acquired elevated permission to attempt to move laterally to additional cloud resources by abusing the server’s cloud identity.
It’s Cybersecurity Awareness Month! Celebrate security with us and prioritize it year-round. Explore how Microsoft is continuously innovating and creating the #BeCybersmart kit to help you and your organization stay safe online.
Join Microsoft Security at Microsoft Ignite 2023 for the latest security insights, hands-on skilling, product innovations, in-person networking, and more.
Windows 11 is designed to simplify security with features from the chip to the cloud that are on by default. Since its launch, we’ve seen a 58 percent reduction in security. Learn more about the new features.
Today, Microsoft announced several major innovations to empower people across work and life and redefine how we live and work with AI.
For the fifth consecutive year, Microsoft 365 Defender demonstrated leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcases Microsoft 365 Defender as a leading solution, enabled by next-gen protection, industry-first capabilities like automatic attack disruption, and more.
Microsoft is proud to be recognized as a Leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.
Since February 2023, Microsoft has observed a high volume of password spray attacks attributed to Peach Sandstorm, an Iranian nation-state group. In a small number of cases, Peach Sandstorm successfully authenticated to an account and used a combination of publicly available and custom tools for persistence, lateral movement, and exfiltration.
A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions.