\n<\/p>\n
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well.<\/p>\n
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to generate, store, and automatically rotate access token signing keys using the Azure Managed Hardware Security Module (HSM) service.<\/p>\n
“Each of these improvements helps mitigate the attack vectors that we suspect the actor used in the 2023 Storm-0558 attack on Microsoft,” Charlie Bell, Executive Vice President for Microsoft Security, said in a post shared with The Hacker News ahead of publication.<\/p>\n
<\/p>\n
Microsoft also noted that 90% of identity tokens from Microsoft Entra ID for Microsoft apps are validated by a hardened identity Software Development Kit (SDK) and that 92% of employee productivity accounts are now using phishing-resistant multifactor authentication (MFA) to mitigate risk from advanced cyber attacks.<\/p>\n
Besides isolating production systems and enforcing a two-year retention policy for security logs, the company also said it’s protecting 81% of production code branches using MFA through proof-of-presence checks.<\/p>\n
“To reduce the risk of lateral movement, we are piloting a project to move customer support workflows and scenarios into a dedicated tenant,” it added. “Security baselines are enforced across all types of Microsoft tenants, and a new tenant provisioning system automatically registers new tenants in our security emergency response system.”<\/p>\n
The changes are part of its Secure Future Initiative (SFI), which the company characterized as the “largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft.”<\/p>\n
<\/p>\n
The SFI gained traction last year in response to a report from the U.S. Cyber Safety Review Board (CSRB), which criticized the tech giant for a series of avoidable errors that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 in 2023.<\/p>\n
Microsoft, in July 2023, revealed that a validation error in its source code allowed for Azure Active Directory (Azure AD) or Entra ID tokens to be forged by Storm-0558 using an MSA consumer signing key to infiltrate several organizations and gain unauthorized email access for subsequent exfiltration of mailbox data.<\/p>\n
Late last year, the company also launched a Windows Resiliency Initiative to improve security and reliability and avoid causing system disruptions like what happened during the infamous CrowdStrike update incident in July 2024.<\/p>\n
<\/p>\n
This includes a feature called Quick Machine Recovery, which enables IT administrators to run specific fixes on Windows PCs even in situations when the machines are unable to boot. It’s built into the Windows Recovery Environment (WinRE).<\/p>\n
“Unlike traditional repair options that rely on user intervention, it activates automatically when the system detects failure,” Patch My PC’s Rudy Ooms said late last month.<\/p>\n
“The whole cloud remediation process is pretty straightforward: it checks if flags\/settings like CloudRemediation, AutoRemediation, and optionally HeadlessMode are set. If the environment meets the conditions (such as an available network and required plugin), Windows silently initiates recovery.”<\/p>\n
Found this article interesting? Follow us on Twitter _\uf099_ and LinkedIn to read more exclusive content we post.\n<\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach Update ID THN:84F854456369867A80BB38F8862A7139 Type thn Published 2025-04-22T07:38:00 Last…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,11,43,5],"class_list":["post-1049","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=1049\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach Update ID THN:84F854456369867A80BB38F8862A7139 Type thn Published 2025-04-22T07:38:00 Last...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=1049\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-23T06:07:37+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach\",\"datePublished\":\"2025-04-23T06:07:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049\"},\"wordCount\":657,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"thn\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1049#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049\",\"name\":\"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-04-23T06:07:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1049\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1049#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=1049","og_locale":"en_US","og_type":"article","og_title":"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach - zero redgem","og_description":"Security Update News Update Information Title Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach Update ID THN:84F854456369867A80BB38F8862A7139 Type thn Published 2025-04-22T07:38:00 Last...","og_url":"https:\/\/zero.redgem.net\/?p=1049","og_site_name":"zero redgem","article_published_time":"2025-04-23T06:07:37+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=1049#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=1049"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach","datePublished":"2025-04-23T06:07:37+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=1049"},"wordCount":657,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","tapic","thn","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=1049#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=1049","url":"https:\/\/zero.redgem.net\/?p=1049","name":"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-04-23T06:07:37+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=1049#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=1049"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=1049#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1049"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1049\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}