Microsoft rejecting emails as spam

Microsoft blocks emails from legitimate sources

Once again in the war on spam, there are friendly casualties. Many users are reporting that their emails are not getting through to Hotmail and Outlook.com users. Some of our clients are reporting that they are not receiving emails to their Microsoft email addresses from us. This of course risks users not receiving important emails about their domains and services. Read More

Microsoft admits Outlook.com hacked

Micrsoft Outlook.com hacked

 

Microsoft has admitted that its Outlook.com platform was hacked. Users of its email system are affected. That includes Outlook.com, MSN and Hotmail email accounts.

A support agent had their credentials compromised by hackers. The hackers had full access to Outlook.com which also hosts the msn and Hotmail email accounts. Microsoft will not admit to how many users are affected but say that they have contacted affected users and also as a precaution made them all change their passwords although they say that there are no user credentials that have been compromised.

SecuredMail.App

Secure, easy to use email at a low cost

Get your SecuredMail.App email account and keep your email and attachments private. Your mail is always your mail, and only £2.00 inc VAT/month for 2 email accounts.

Get yours now; get away from those free email accounts and take back control of your data.

Includes - spam and virus filtering, 5GB account, POP/IMAP access, webmail, calendar, auto-responders, import email from your old free account, Address book and much, much more, click below for more details.

 

Claims that it has been going on for longer

Microsoft dismissed claims that the breach had been going on for around 6 months and stated that it had only been between January 1st and March 28th 2019.They also claim that only around 6% of the total affected users had been fully breached. Certainly the hackers had full access to email and attachments of those affected.

The Managing Director and a Security Expert at CritchCorp Computers Ltd stated:

It seems unlikely that they had different levels of access to users email accounts and more likely that they had full access to all the accounts. However as Microsoft will not elaborate on breach it is difficult to say.

Screen shots of the breach have been provided to Microsoft, which prompted them to admit that the hack had happened and further screen shots to admit to the extent of the hack.

What they may have done

You may well have noticed more phishing emails during this time and indeed in the future. These emails may come from someone you know and use your name in them. They may well urge you to click a link which will inevitably ask you for money in some way, or infect you with a virus that will steal credentials to banking sites or other high value websites.

You should always be vigilant when receiving email and even more so when it comes from a free email account such as Hotmail or Outlook.com but now you will need to extra vigilant.

There is also a suggestion that they may have used the breach to reset stolen iPhones. Apple has started to tie iPhones to the email address. Therefore only the email address holder can reset the phone to factory default.

What to do if you use Outlook.com

If you know of any Outlook.com users then you should urge them to immediately check their email for a message from Microsoft. In any case perhaps change their password and/or email service provider. We recommend SecuredMail.App, BasicMail or our Cloud Mail accounts as an alternative to any free or paid for email service. All are available from our store and can replace Outlook.com, Gmail, yahoo mail and iCloud mail.

Keep Safe

CritchCorp Computers Ltd

 

Microsoft Edge moves to Chromium

Microsoft is giving up and changing their Edge browser over to the Chromium base. This means that in the new year Edge will be completely redone based on the Chromium project, which many browsers are; most notably Google Chrome. There has always been a choice of Chrome, Firefox, Microsoft Internet Explorer and then Edge, Opera and a few others. Most of the others have already converted over to the Chromium project base, including Opera, so Microsoft is not alone in this move. Going forward it will have the same code base as Google Chrome and many others reducing the real number of options.

What does that mean?

Well, to the average person, probably not a lot, it in fact might be a good thing as you will be able to get many of the add-ons that work in Chrome on the Microsoft Edge browser and there will be many more possibilities for themes. To large corporate businesses it may be a pain as they have only just got many of the group policies for Edge that they have needed.

Internet Explorer was a fairly good and certainly well-established browser due to it being built-in to the operating system, which is why it is still there as it is part of Windows. It was made this way to avoid problems with competition laws. “Sorry your honour we can’t remove it because it is an integral piece of Windows” was their response to the European Court of Law in the early 2000s. That’s why we then had a pop up after installing Windows to show you that there were alternate browsers that could be downloaded.

The good thing about IE is that it could be configured to be secure, it was just a little, difficult for the average user but it could be done using group policy, keeping everyone in an organisation safe.

Edge, the replacement for Internet Explorer has never managed to gain the foothold that IE did. Google Chrome and Firefox are far bigger now. That is one reason why they are moving to the Chromium base for Edge. This move does have pros and cons. It means that it will have the sane code base as Google Chrome and so many of the features that are available in Chrome will be available in the new Edge (if they keep the name), that also means that Microsoft will have to start again with the Group Policies, needed for corporate administrators to be able to lock it down as they require.

If they do manage to claw back some of the market share then the other issues is that any bugs or exploits found in the code base will be present in Chrome and Edge, this gives a wider attack surface to exploit from a single flaw.

In any case time will tell and I personally am sure it will be an improvement over the current Edge browser

Keep Safe

CritchCorp Computers Ltd

Remote Desktop Protocol (RDP) Flaw

Just a quick note to all, although I only know of a couple of folks that do this and they will be contacted urgently.

If you use Microsoft Remote Desktop Protocol (RDP) over the Internet then there is a serious bug that has just been discovered that allows an attacker to gain entry even with out a username and password.

The good news is that if you use a VPN connection first, then you are completely safe from this. Likewise if you use Network Layer Authentication only then you are not at risk either.

As always we recommend that you use RDP over a VPN tunnel, this way you are not vulnerable to any problems found in the protocol.

If you are concerned then please contact us and we will assess your situation with you.

If you want to deal with this yourself then you need to run updates on your servers as well as your desktops. The problem has now been fixed in the latest updates.

Keep Safe.

CritchCorp Support Team!