close
The Wayback Machine - https://web.archive.org/web/20240822151236/https://www.microsoft.com/en-us/security/blog/
Skip to main content
Microsoft Security

Microsoft Security Blog

Forward facing view of two men working on a Microsoft Surface Studio with a larger blurred screen/display behind them.
Published
5 min read

How Microsoft and NIST are collaborating to advance the Zero Trust Implementation 

Both Microsoft and the National Institute of Standards and Technology (NIST) National Cyber security Center of Excellence (NCCoE) have translated the Zero Trust Architecture (ZTA) and Security Model into practical and actionable deployment. In this blog post, we explore details of their collaboration on a Zero Trust (ZT) implementation and what this learning pathway means for your organization.​​

Latest posts
Two colleagues in a courtyard on a laptop

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE 

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.

Two men looking at a laptop

Onyx Sleet uses array of malware to gather intelligence for North Korea 

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet’s activity to assess changes following the indictment.

Tailored AI insights from Microsoft Security Copilot

Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.

BERJAYA
Photo of a worker using industrial tool in electronics factory assembly line.

Vulnerabilities in PanelView Plus devices could lead to remote code execution 

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). PanelView Plus devices are graphic terminals, which are known as human machine interface (HMI) and are used in the industrial space.

Go beyond data protection with Microsoft Purview

Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.

BERJAYA
Man at laptop in room

Mitigating Skeleton Key, a new type of generative AI jailbreak technique 

Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. This new method has the potential to subvert either the built-in model safety or platform safety systems and produce any content. It works by learning and overriding the intent of the system message to change the expected behavior and achieve results outside of the intended use of the system.