Loading color scheme

Microsoft knows password-expiration policies are useless

Microsoft admitted today that password-expiration policies are a pointless security measure. Such requirements are "an ancient and obsolete mitigation of very low value," the company wrote in a blog post on draft security baseline settings for Windows 10 v1903 and Windows Server v1903. Microsoft isn't doing away with its password-expiration policies across the board, but the blog post makes the company's stance clear: expiring passwords does little good.

Read more
Microsoft: WinRAR exploit gives attackers 'full control' of Windows PC

Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater.

The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months.

Read more