Global Scans · Microsoft · Weekly Summary

• [New] Microsoft's Security Copilot or Azure Sentinel could even be used to keep an eye on AI agent activities, with pre-built analytics rules for anomalies. CIAOPS
• [New] Companies like Microsoft have implemented AI-based models to rank vulnerabilities based on exploitability, helping their teams tackle critical issues first. Pressmaverick -
• [New] A critical security vulnerability in Microsoft Copilot that could have allowed attackers to easily access private data serves as a potent demonstration of the real security risks of generative AI. AIwire
• [New] Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook, PowerPoint, and Teams, harbored a critical security flaw that, according to researchers, signals a broader risk of AI agents being hacked. Fortune
• [New] Microsoft Office applications received significant attention with multiple critical remote code execution fixes, including heap-based buffer overflow vulnerabilities that could enable local code execution without user interaction. CybersecurityNews
• [New] AI and technological innovation fueled outperformance in the technology sector, though worries about slowing capital expenditures by firms like Meta and Microsoft introduced risks. Day Hagan Asset Management
• [New] Many SMB-focused security providers (Microsoft, for instance, is adding predictive features to its Defender suite) now include dashboards that forecast risk levels and suggest hardening actions. Northern Technologies Group
• [New] Big tech firms set ambitious climate pledges years ago after facing pressure from their employees, but Amazon, Microsoft and Google have all since acknowledged that the race to build new data centers and develop AI could complicate their long-term climate objectives. Insurance Journal
• Microsoft, like many vendors, must navigate a minefield: threat actors have reduced their time-to-exploit and are targeting patch diffing techniques to reverse-engineer advisories for new attacks. Windows Forum
• Tarana's collaboration with Microsoft will help lower the cost of ngFWA equipment for internet service providers in Africa and assist with deployment logistics, enabling them to deliver life-changing internet access far faster and more cost-effectively. Yahoo Finance
• Amazon, Google, Meta, and Microsoft are projected to collectively invest $371 billion in Al data centers and computing resources in 2025, a 44% increase from the previous year. Magzter
• Companies like Google, Microsoft, and Amazon are already investing heavily in AI agent technology, and it's likely that we will see even more innovation in the coming years. SuperAGI
• Researchers have disclosed a critical vulnerability in Microsoft Copilot, dubbed EchoLeak (CVE-2025 - 32711), which could have allowed remote attackers to steal sensitive data without any user interaction. MapleTronics
• Critical vulnerabilities in UEFI firmware, urgent patches from Microsoft, and large-scale operations against malware networks underscore ongoing threats and response efforts. Cybersecurity News Everyday
• Microsoft has patched a critical vulnerability in Windows SMB that could allow attackers to gain SYSTEM-level privileges. Softcat
• Researchers at Oasis have identified a vulnerability in Microsoft OneDrive that allows third-party websites to access all cloud storage content, even when a user is downloading just one file. Action1 | Action1 Risk-based Patch Management
• Among the ten critical vulnerabilities patched, eight are remote code execution flaws affecting products like Microsoft Office, SharePoint Server, Windows Cryptographic Services, Windows KDC Proxy Service, Windows Netlogon, and Windows Remote Desktop Services. GBHackers Security | #1 Globally Trusted Cyber Security
• Microsoft Office contains a heap-based buffer overflow flaw that could allow an unauthenticated attacker to achieve remote code execution. Qualys
• By utilising Microsoft's integrated ecosystem, especially when paired with managed services like Data 3's Managed XDR, organizations can significantly reduce complexity and risk. Data#3
• While previous AI science initiatives have often underdelivered, Microsoft's approach of combining AI agents with supercomputing power could help bridge the gap between hype and reality. Radical Data Science
• Cloud Competition: The threat from Microsoft Azure (and to a lesser extent, Google Cloud) is very real. 24/7 Wall St.
• During the vulnerability assessment process, it was discovered that hacker groups exploit weaknesses in TP-Link routers - commonly used in small office environments - to carry out password spraying attacks on services such as Microsoft 365. Militarnyi
• Microsoft is expected to roll out MCP-based memory capabilities across Copilot and Azure AI Studio in H2 2025, enabling enterprise customers to build agent workflows with context persistence. The Futurum Group

Last updated: 29 June 2025