Top 10 IT Security Headlines of 2021 -- Redmondmag.com

Let's take a look back at our year of vulnerability exposures, reactionary patches and losing sleep over what security hole would emerge tomorrow.

10. April Microsoft Security Patches Released, Bringing More Critical Exchange Server Fixes (April 13 )
Microsoft released security updates for 114 common vulnerabilities and exposures (CVEs) in its software products, while also publishing a supplementary note urging organizations to apply the new April Exchange Server "Critical" patches "as soon as possible." [Read here]

9. Microsoft Issues Security Advisory on 'SeriousSAM' Elevation of Privilege Flaw in Windows Client Systems (July 21 )
Microsoft issued a security advisory about an elevation-of-privilege vulnerability (CVE-2021-36934) present in Windows 10 client operating systems. [Read here]

8. Another Windows Print Spooler Vulnerability Disclosed by Microsoft (Aug 13 )
Microsoft published a "Security Update Guide" notice on another Windows print spooler vulnerability, namely CVE-2021-36958. [Read here]

7. Microsoft and Security Researchers Describe Tips and Tools for Detecting Exchange Server Hafnium Attacks (March 8)
Microsoft updated its recommendations to organizations running Exchange Server, targeted in Hafnium nation-state attacks, by describing some new resources. [Read here]

6. Microsoft's June Windows Print Spool Patch Doesn't Block Remote Code Execution Attacks (June 30)
An "Important"-rated Windows print spool vulnerability (CVE-2021-1675), addressed by Microsoft via its June 8 security patch bundle, has emerged more recently as being subject to active attacks. [Read here]

5. Microsoft Issues Hafnium Security Fixes that Don't Require Latest Exchange Server Cumulative Updates (March 9)
Microsoft's Exchange team announced additional help for organizations having trouble trying to patch Exchange Server products quickly in response to the Hafnium attacks. [Read here]

4. 'Millions' of Dell Windows PCs Contain 'Critical' Driver Vulnerability (May 5)
Dell issued a support article describing a "Critical" vulnerability in the Dell dbutil driver affecting most Windows-based Dell computer users. [Read here]

3. Microsoft Issues Out-of-Band 'PrintNightmare' Windows Print Spooler Patch (July 7)
Microsoft announced the release of an "out-of-band" fix for a Windows print spooler vulnerability dubbed "PrintNightmare." [Read here]

2. Microsoft Releases Out-of-Band Security Patches for Exchange Server (March 3)
Microsoft released out-of-band security patches for Exchange Server to address multiple zero-day flaws that are currently being exploited in active attacks. [Read here]

1. Microsoft Clarifies Its 'PrintNightmare' Patch Advice (July 9)
Microsoft issued "clarified guidance" for organizations addressing a zero-day Windows printer spooler vulnerability dubbed "PrintNightmare.". [Read here]

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.