Malvertising Meets Office.com: Why Microsoft Is Urging You to Watch Those Links

This Week in IT


This Week in IT, malvertising is getting smarter. Attackers are hijacking Microsoft’s own login flow to steal your credentials via ADFS – and your end‑users might never know. Plus: Microsoft’s Project Ire promises AI‑powered malware detection without AV signatures, and a botched August update forces an OOB patch after ‘Reset this PC’ goes missing.


Episode overview

This week’s IT update highlights a sophisticated malvertising attack exploiting Microsoft’s login flow, Microsoft’s new AI-driven malware detection research, and recent issues with Windows updates affecting system reset functions.

  • Potential SSD issues reported: Some users have reported SSD drives disappearing and data loss following updates, though Microsoft has not officially confirmed these problems.
  • Malvertising attack via Microsoft login: Attackers are using Google Ads to redirect users who mistype “office 365” as “office 265” to a fake Microsoft login page, leveraging Active Directory Federation Services (ADFS) to steal credentials without users noticing. This attack requires significant backend setup, but it exploits trusted advertising platforms and domain redirection techniques. User education and monitoring of ADFS-related logs are the recommended defenses.
  • Microsoft’s Project Ire for malware detection: Microsoft is researching an AI-based system named Project Ire that uses large language models and reverse engineering to analyze executable code without relying on traditional antivirus signatures. This approach aims to improve accuracy, reduce false positives, and speed up malware analysis, with plans to integrate it into Microsoft Defender in the future.
  • Windows Update issues and patch: The recent Patch Tuesday update caused the “Reset this PC” feature to be disabled, affecting both troubleshooting and remote wipes. The reset issue affects supported Windows 10 releases and Windows 11 versions 23H2 and 22H2, but not the latest Windows 11 24H2 or Windows Server versions. Microsoft acknowledged the issue and released an out-of-band patch. Users should apply the update if affected; unaffected systems do not require it.
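The malvertising item above hinges on users being redirected to a login host that merely resembles Microsoft’s. One way a defender can act on the “monitor your logs” advice is to check the hostnames that sign-in or redirect records point at against an allow-list and flag near misses. The script below is an added illustration, not code from the episode or from Microsoft: the record format, the sample records and the allow-list of legitimate login hosts are constructed assumptions, and the edit-distance threshold is a tuning choice.

```python
"""Lookalike-domain check for redirect targets seen in sign-in telemetry.

Added example (not from the episode). Records are constructed; the set of
legitimate Microsoft login hosts is an assumption for illustration.
"""
from urllib.parse import urlparse

# Assumed allow-list of hosts a real Microsoft sign-in should land on.
LEGIT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "www.office.com",
}

# Brand words whose presence in an unknown host deserves a second look.
BRAND_KEYWORDS = ("microsoft", "office")


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def classify_host(host: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike', 'brand-keyword' or 'unknown'."""
    host = host.lower()
    if host in LEGIT_LOGIN_HOSTS:
        return "trusted"
    # A host within a couple of edits of a real login host is a typosquat
    # candidate, e.g. a dropped TLD letter or a '.' swapped for '-'.
    if any(levenshtein(host, legit) <= max_distance for legit in LEGIT_LOGIN_HOSTS):
        return "lookalike"
    if any(word in host for word in BRAND_KEYWORDS):
        return "brand-keyword"
    return "unknown"


def scan_records(records):
    """Return (user, host, verdict) for every record whose target is not trusted."""
    flagged = []
    for rec in records:
        host = host_of(rec["url"])
        verdict = classify_host(host)
        if verdict != "trusted":
            flagged.append((rec["user"], host, verdict))
    return flagged


# Constructed sample records: a legitimate sign-in, two typosquats and a
# brand-keyword host reached from an ad click.
SAMPLE_RECORDS = [
    {"user": "alice", "referrer": "https://www.google.com/", "url": "https://login.microsoftonline.com/common/oauth2/authorize"},
    {"user": "bob", "referrer": "https://www.google.com/aclk", "url": "https://login.microsoftonline.co/common/login"},
    {"user": "carol", "referrer": "https://www.google.com/aclk", "url": "https://login-microsoftonline.com/adfs/ls/"},
    {"user": "dave", "referrer": "https://www.google.com/aclk", "url": "https://office265.example/signin"},
    {"user": "erin", "referrer": "https://intranet.example/", "url": "https://cdn.example.net/app.js"},
]

if __name__ == "__main__":
    for user, host, verdict in scan_records(SAMPLE_RECORDS):
        print(f"{verdict:14} {user:6} {host}")
```

Running it lists four records for review: the two near-miss hosts as `lookalike`, the ad-driven `office265` host as `brand-keyword`, and the unrelated CDN as `unknown`. The allow-list and threshold are where real deployments differ; the point is that a redirect to a host the allow-list does not recognise is cheap to surface before anyone types a password into it.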