A privilege escalation attack that combines known issues and weaknesses in Microsoft Exchange will let users become Domain Administrators. No compromised credentials required.
Even with a regular software update cadence, some vulnerabilities are serious enough to warrant an emergency fix. Microsoft has released an out-of-band update addressing a remote code execution flaw in Internet Explorer.
A trio of problems caused by a software update in some of Microsoft's data centers led to a service outage for customers of the Microsoft Entra ID MFA service last week.
Microsoft customers now have the option of logging in to Windows, on desktop or mobile devices, with a FIDO2-compliant security key and no password.
Adoption of and support for two-factor authentication continue to expand, as Yubico and Microsoft introduce new products designed to make passwords a thing of the past.