Questions tagged [microsoft]

108 questions
52
votes
10 answers

Replacing Windows 7 security updates with anti-virus?

Microsoft has announced Windows 7 will no longer be receiving updates after January 14, 2020: Here. I hate Windows 10's forced updates and telemetry so I have always stuck with Windows 7, but it may be as good as dead after the lack of security…
TritiumCat
39
votes
4 answers

Microsoft email servers "require remote control of Android device security features"

Just tried to set up my student email address with the default email client on my Android device. The email servers used by the university are outlook.office365.com (incoming) and smtp.office365.com (outgoing). So I set it up like I always do with a…
voices
26
votes
2 answers

What's the point of Microsoft Account 2FA if it still lets me log in using password instead?

I have a Microsoft Account linked to a Microsoft Authenticator app for 2FA purposes. Every time I log in, it first sends me the Authenticator request, but I can always click "Other ways to sign in" and then choose "Use my password instead", which…
mehov
20
votes
5 answers

KeePass Vs OneNote

In my personal life, I use KeePassX to generate/store all my passwords. I have seen some people use a password protected OneNote section. Does the password protected OneNote section provide a comparable level of security to KeePass? Or is the…
pat
8
votes
1 answer

Is this Windows local code execution bug also a security vulnerability?

I stumbled on a Windows bug leading to code execution. I believe it should be categorized as a vulnerability but Microsoft does not recognize it as such. I would like to read other opinions. Functionality The bug affects the context menu "Open…
Enos D'Andrea
6
votes
2 answers

After changing Microsoft password, one can still login to previously authenticated Windows devices with old password indefinitely. Why?

Has anyone else noticed that if you are using a Microsoft account for Windows, after changing your password, the old password can still be used indefinitely on previously authenticated devices? I have one I changed a year ago and it still works to…
dyasta
6
votes
2 answers

Windows Privilege Escalation system shell dies quickly

I have a user restricted shell and I used a host upnpn exploit which gives me root access to nc.exe. I am able to get a shell as SYSTEM but it dies after 30 seconds due to the service being unrecognised and then terminates. Within this time, what…
Anderson
6
votes
1 answer

Curious about Microsoft "Buffer Security Check" implementation

A very quick background to help you answer my questions: Learning IDA Interactive Disassembler, the old free edition (too expensive for a hobbyist) 15 year Linux Sysadmin & DBA experience Hobbyist coder (C/ASM/Fortran/...) Not very…
ker2x
6
votes
2 answers

Can Google Docs be used to “sanitize” a Word or Excel document?

Sometimes I have to download some Word or Excel documents from uncredible sites. I need not only to read but also to edit them. I heard that the Microsoft Office suite is a very popular attack vector. Although I patch my Windows and Office regularly…
user129187
5
votes
1 answer

Is this email from OneDrive a phishing attack?

Today I received an email claiming that my OneDrive account is going to be deleted as it has been unused for the past two years. This is probably true. The email urges me to visit OneDrive to reactivate my account before a date roughly 3 months from…
Kelly Bang
5
votes
1 answer

I ran netstat and one thing that came up was MSN bingbot, does that mean my computer is being used as part of a Microsoft botnet?

I ran netstat on my computer, and one thing that came up was msnbot-65-52-108-216. I did some research and what came up was that it's from an IP originating in Redmond, Washington and that it's likely Microsoft Bing bot or something like that. Does…
Mr. Chameleon
5
votes
2 answers

Is there an equivalent of Control Flow Guard for Linux?

Introduced by Microsoft in recent versions of Windows and its compilers, Control Flow Guard is a useful defence in depth measure in the mitigation of return-oriented programming exploits. My question is, is there any equivalent of this available or…
4
votes
1 answer

Why did Microsoft publish the CPassword AES key ca. 2012?

As outlined in Security Bulletin MS14-025, Microsoft acknowledges the way credentials had been stored in the group policy field "CPassword" is insecure and is not to be trusted any more. However according to their own Developer Documentation, they…
4
votes
0 answers

Where can I find a list of all government agencies with CAs in PKI root stores?

Is there a source that monitors popular root stores for CAs controlled by government agencies? There are several "root stores" that maintain a list of trusted root CAs. These root stores are imported and used by thousands (millions?) of apps to…
4
votes
2 answers

Is 'account-security-noreply@accountprotection.microsoft.com' a legitimate sender of security alerts?

I have been getting emails from "account-security-noreply@accountprotection.microsoft.com" (as verified in metadata) about unusual activity. The internet has very conflicting information about if these emails are legitimate or not. Microsoft's own…
WakeDemons3