English - French - Italian

Microsoft

Dual-Boot Linux broken after Windows security update

Peter • Sunday, August 25, 2024 • 2 mins read (300)

The issue:

A monthly Windows update pushed on August 13 has disrupted dual-boot systems running both Windows and Linux.
The update, released on August 13, aimed to fix a two-year-old vulnerability (!) (CVE-2022-2601) related to the GRUB bootloader but, according to Microsoft, inadvertently caused boot failures for many users:

"the update would apply to "dual-boot systems that boot both Windows and Linux and should not affect these systems."
But in fact... after update several users, reported that they were shown the following (lovely and generic) error: Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation'

Microsoft

MFA mandatory for Azure services, soon

Peter • Friday, August 23, 2024 • 1 min read (205)

The good intention:

Microsoft will implement mandatory multi-factor authentication (MFA) for all Azure services starting October 2024. This move aims - of course - to enhance security by ensuring that users verify their identity through multiple methods before accessing services. The requirement will apply to all Azure users, including those with existing accounts.

Microsoft

Simple CSS can be used to bypass anti-phishing Outlook warning...

Peter • Wednesday, August 7, 2024 • 2 mins read (228)

The issue:

To help user to pay better attention to email from unfamiliar addresses, Microsoft 365 add a warning to the email stating “You don't often get email from xyz@example.com. Learn why this is important”.
The so called "First Contact Safety Tip" (from Exchange Online Protection (EOP) and Microsoft Defender).

Microsoft

New Outlook flaw: MonikerLink

Peter • Monday, February 19, 2024 • 1 min read (142)

The good:

Microsoft Outlook attachments and links cannot be downloaded by default to prevent exploit (let say a malicious script execution).
A (wellknown) readonly feature called Office Protected View.