Some Microsoft Office updates are being flagged as ransomware threats

Some recently released Microsoft Office updates are causing the company's Defender for Endpoint platform to raise the alarm about cyberattacks, Microsoft has warned.

The security tool was found to be labelling the Office updates as potential ransomware behavior, and given how prevalent supply chain attacks are, it’s no wonder people took it seriously.

Microsoft was quick to react, confirming the warnings were in fact only a false positive alert, and quickly tweaked Defender for Endpoint to alleviate the issue.


"Starting on the morning of March 16th, customers may have experienced a series of false-positive detections that are attributed to a Ransomware behavior detection in the file system," Microsoft said in its report. "Admins may have seen that the erroneous alerts had a title of 'Ransomware behavior detected in the file system,' and the alerts were triggered on OfficeSvcMgr.exe."

Office updates

The company added that the issue concerned a problem with the code that was swiftly addressed.

"Our investigation found that a recently deployed update within service components that detect ransomware alerts introduced a code issue that was causing alerts to be triggered when no issue was present. We deployed a code update to correct the problem and ensure that no new alerts will be sent, and we've re-processed a backlog of alerts to completely remediate impact."

This is not the first time Defender for Endpoint has seen issues with false positives. In early December 2021, the antivirus program prevented users from opening some Office files and launching various applications, triggering false positives related to Emotet malware.

Back then, the program detected print jobs as Emotet malware, as well as any Office app using MSIP.ExecutionHost.exe and splwow64.exe.

Following this, Microsoft reportedly tried to increase the sensitivity of its filters for detecting Emotet and similar activity, due to the malware’s recent resurgence.

Emotet, which is believed to have originated in Ukraine, was almost extinct at the start of last year, after law enforcement seized control of Emotet infrastructure and reportedly arrested individuals linked with the operation.

However, since mid-November 2021, new Emotet samples have started popping up once again. These are quite similar to the previous strain, but have a different encryption scheme, and are being delivered to machines infected by TrickBot.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/IysdeTX
via IFTTT
