Microsoft has revealed a serious security flaw in its Office software that could expose sensitive information to hackers. The unpatched vulnerability, labeled CVE-2024-38200 and rated 7.5 on the ...

Microsoft has urged its customers to be on high alert after discovering a dangerous vulnerability in hybrid Exchange deployments.

If an attacker gets admin control over the on-premises Exchange server, they can forge authentication tokens or make API ...

Microsoft: We're boosting our bug bounties for these high-impact security flaws Microsoft creates new categories with higher bonus awards for bugs affecting Office 365, Dynamics and Power Platform ...

July 21 (UPI) -- An investigation is underway after hackers used a security flaw in Microsoft software to internationally infiltrate agencies and businesses over the weekend.

The ongoing attacks on Office 365 on Windows Server 2008-2019, both on Windows 8.1 to 10, are infiltrating a security issue called the CVE-2021-40444. Office 365 Zero-Day Security Flaw: CVE-2021-40444 ...

You may like Microsoft releases urgent SharePoint security flaw patches - here's what you need to know, and how to update Microsoft Entra ID vulnerability allows full account takeover – and ...

The researchers at Aim Security dubbed the flaw “EchoLeak.” Microsoft told Fortune that it has already fixed the issue in Microsoft 365 Copilot and that its customers were unaffected.

Three Microsoft products were said to be affected: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Server 2016. SharePoint Online (Microsoft 365) is not affected.

It affects both 32-bit and 64-bit versions of the product, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise.

The Microsoft Publisher flaw, CVE-2023-21715, is a security feature bypass vulnerability with an "important" severity rating from Microsoft. An attacker could bypass Office macro policies used to ...

WithSecure originally shared its discovery of the Office 365 vulnerability with Microsoft in January 2022. Microsoft acknowledged it and paid the researcher through its vulnerability reward ...