Windows administrators don't like zero day vulnerabilities. The good news about the new flaw in the TaskScheduler service is that a hotfix, or a micropatch, is available.
Microsoft has taken over six domains associated with a Russian-backed hacking group known to have targeted U.S. political campaigns and candidates.
The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Microsoft Edge now supports the Web Authentication API, allowing users to login to sites without needing a password.
Microsoft will do more than pay researchers bounties for finding and reporting vulnerabilities in Microsoft Account and Microsoft Entra ID in its Microsoft Identity Bounty Program. The company also wants vulnerabilities in select OpenID standards.