Office 365 Threats
The latest Office 365 Threats coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft’s 2011 Secure Boot Certificates Are Expiring: What Windows Users and Admins Must Do Before June 2026
Microsoft's 2011 Secure Boot certificates expire in June and October 2026, requiring updates to firmware and Windows. Home users should keep Windows and firmware current; IT admins must audit devices, test updates, and plan for hardware that may need replacement. Simply enabling Secure Boot is not enough—organizations must verify new certificates are installed.
Google’s Gemini Enterprise Connector Overhaul Could Break Your Microsoft 365 Integrations – Here’s How to Prepare
Google is rolling out a Gemini Enterprise connector upgrade that forces reauthorization of existing connections, potentially disrupting Microsoft 365 and third-party integrations. IT admins need to audit connectors, prepare for permission prompts, and test workflows to avoid service outages.
Microsoft to Disable RC4 Kerberos Encryption by Mid-2026: What IT Admins Must Do Now
Microsoft announced that by the end of Q2 2026, Active Directory domain controllers will no longer treat RC4 as a default Kerberos encryption type. This article explains the timeline, the impact on organizations, and provides a step-by-step action plan for IT admins—from auditing event logs to remediating legacy accounts and applying Group Policy exceptions—ensuring a smooth transition ahead of the deadline.
Neowin’s New Winget Safety Guide: Why You Should Never Install Apps Without an Exact ID
A new guide from Neowin warns Windows 11 users that installing winget packages without exact IDs can lead to unwanted or malicious software. It recommends a three-step process: search, inspect, and install with precise identifiers to avoid security risks in the growing winget ecosystem.
Android 16 Lock-Screen Flaw Lets Anyone Send Texts via Gemini—Here's How to Block It Now
A lock-screen vulnerability in Android 16 allows anyone with physical access to a phone to send SMS messages via Google Gemini without a PIN, even when the user had revoked messaging permissions. Google is rolling out a fix, but as of July 19 there's no device-by-device confirmation, so affected users should immediately disable Gemini's lock-screen messaging features and check for unauthorized app integrations.
Microsoft Sets Hard Deadline: SMS MFA Retires in Entra ID by 2027, Passkeys Take Over
Microsoft will retire its built-in SMS and voice MFA for Entra ID on February 1, 2027, forcing organizations to move users to phishing-resistant passkeys or risk account lockouts. The change brings a two-phase rollout starting September 2026, with a hard no-opt-out deadline that requires immediate planning, piloting, and communication.
Office LTSC 2021’s Final Countdown: Plan Your Exit Before the 2026 Security Shutdown
Microsoft will end support for Office LTSC 2021, Project LTSC 2021, and Visio LTSC 2021 on October 13, 2026. After that date, no security updates or technical support will be provided, leaving users at risk. This article explains the practical impact, offers a step-by-step migration plan to Microsoft 365 Apps or Office LTSC 2024, and highlights the special considerations for Project and Visio.
The Hidden Danger in 'winget upgrade --all' That Could Break Your Company's PCs
The 'winget upgrade --all' command is popular for updating Windows apps, but it lacks a critical filter to separate apps that need administrator rights from those that don't. This flaw, tracked in GitHub issue #2706 since 2022, can cause broken installs, lost user settings, and compliance headaches on managed PCs. IT teams should replace blanket updates with a curated, tested catalog and script narrow upgrades by package ID—using WinGet as an engine, not a policy manager.
Windows 10 security updates just stopped—how to enroll in paid patches before the October 2026 cutoff
Windows 10 support ended on October 14, 2025. Here’s how consumers and businesses can enroll in paid Extended Security Updates to keep getting critical fixes, and what deadlines they face.
Microsoft July Patches: 2 Zero-Days Under Active Attack; Critical Fixes for Gamers and Firmware
Microsoft’s July 14, 2026 Patch Tuesday delivered 570 fixes, including actively exploited zero-days in SharePoint and ADFS that demand immediate patching. The update also patches critical gaming server and client vulnerabilities in Minecraft and Age of Empires II, DirectX privilege escalation, Lenovo BIOS flaws, and a Supermicro BMC issue. A practical, prioritized checklist helps admins and home users navigate the sprawling release.
Windows 11 23H2 Home and Pro Are Unsupported – Enterprise Still Has Until 2026
Windows 11 version 23H2 support status depends entirely on the installed edition. Home and Pro editions lost security updates months ago, while Enterprise and Education remain supported until November 2026. Users must identify their edition and upgrade immediately if unprotected.
Last Call for Windows Server 2012 R2 Security Patches: Deadline Is October 13, 2026
Microsoft will end Extended Security Updates for Windows Server 2012 and 2012 R2 on October 13, 2026, with no further extensions. IT teams must now inventory their entire server estate, categorize each workload for retirement, rebuilding on a supported OS, migration to Azure, or temporary containment, and verify that existing ESU coverage is actually delivering patches. This article provides a practical playbook for auditing, planning, and executing the migration before the final deadline.
Across Protocol Restarts Solana Deposits After July 17 Attack; Relayer Absorbed Hit, Users Protected
Across Protocol resumed Solana deposits on July 18 after an attacker tricked a relayer into paying out on a failed transaction. The protocol's intent-based architecture ensured no user funds were lost, with the relayer (operated by Risk Labs) absorbing the financial hit. The incident echoes an April vulnerability disclosure about Solana's event model and raises broader lessons for developers and IT professionals about verifying off-chain signals.