MICROSOFT PLANS MAJOR PLATFORM UPGRADES FOR 'WINDOWS 12' THAT WILL MODERNIZE THE OS WITH AI AND FASTER UPDATES
2023-03-28 14:00:00       Slashdot
Windows Central reports: According to my sources who are familiar with Microsoft's plans, the company is once again hard at work on a new project internally that's designed to modernize the Windows platform with many of the same innovations it was working on for Windows Core OS, but with a focus on native compatibility for legacy Win32 applications on devices where it makes sense. The project is codenamed CorePC and is designed to be a modular and customizable variant of Windows for Microsoft to leverage different form factors with. Not all Windows PCs need the full breadth of legacy Win32 app support, and CorePC will allow Microsoft to configure "editions" of Windows with varying levels of feature and app compatibility. The big change with CorePC versus the current shipping version of Windows is that CorePC is state separated, just like Windows Core OS. State separation enables faster updates and a more secure platform via read-only partitions that are inaccessible to the user and third-party apps, just like on iPadOS or Android. [...] CorePC splits up the OS into multiple partitions, which is key to enabling faster OS updates. State separation also enables faster and more reliable system reset functionality, which is important for Chromebook compete devices in the education sector. [...] My sources tell me CorePC will allow Microsoft to finally deliver a version of Windows that truly competes with Chromebooks in OS footprint, performance, and capabilities. [...] Microsoft is also working on a version of CorePC that meets the current feature set and capabilities of Windows desktop, but with state separation enabled for those faster OS updates and improved security benefits. The company is working on a compatibility layer codenamed Neon for legacy apps that require a shared state OS to function, too.
Lastly, I hear that Microsoft is experimenting with a version of CorePC that's "silicon-optimized," designed to reduce legacy overhead, focus on AI capabilities, and vertically optimize hardware and software experiences in a way similar to that of Apple Silicon. Unsurprisingly, AI experiences are a key focus for Windows going into 2024.

UNKILLABLE UEFI MALWARE BYPASSING SECURE BOOT ENABLED BY UNPATCHABLE WINDOWS FLAW
2023-03-06 14:25:00       Slashdot
Researchers have announced a major cybersecurity find -- the world's first-known instance of real-world malware that can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. From a report: Dubbed BlackLotus, the malware is what's known as a UEFI bootkit. These sophisticated pieces of malware hijack the UEFI -- short for Unified Extensible Firmware Interface -- the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC's device firmware with its operating system, the UEFI is an OS in its own right. It's located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to run malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced. As appealing as it is to threat actors to install nearly invisible and unremovable malware that has kernel-level access, there are a few formidable hurdles standing in their way. One is the requirement that they first hack the device and gain administrator system rights, either by exploiting one or more vulnerabilities in the OS or apps or by tricking a user into installing trojanized software. Only after this high bar is cleared can the threat actor attempt an installation of the bootkit. The second thing standing in the way of UEFI attacks is UEFI Secure Boot, an industry-wide standard that uses cryptographic signatures to ensure that each piece of software used during startup is trusted by a computer's manufacturer.
Secure Boot is designed to create a chain of trust that will prevent attackers from replacing the intended bootup firmware with malicious firmware. If a single firmware link in that chain isn't recognized, Secure Boot will prevent the device from starting.

BLACKLOTUS BOOTKIT CAN TARGET FULLY PATCHED WINDOWS 11 SYSTEMS
2023-03-02 10:46:13       Security Week
ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems.

WINDOWS 11 SLAPPING A WATERMARK ON 'UNSUPPORTED' PCS
2023-02-20 12:01:00       Slashdot
An anonymous reader shares a report: Did you force your PC to install Windows 11 despite it not meeting the official requirements? Microsoft might start nagging you for doing that -- or at least reminding you that what you've done is against the intended use of its operating system. The January 2023 Windows 11 update is pestering folks who forced the update on their PCs with a persistent watermark on the desktop warning that system requirements haven't been met. The story is circulating among Windows blogs, though I found a couple of instances of folks complaining about the watermark on the official Microsoft support forums. The watermark says "system requirements not met" and is emblazoned on the desktop's lower right hand corner if the operating system notices that it's running on hardware that doesn't meet the minimum requirements. It's possible the culprit is the dedicated security processor, or TPM 2.0 (Trusted Platform Module) chip, used by services like BitLocker and Windows Hello. Microsoft requires this module before upgrading. It's why many PCs were rendered un-upgradeable when Windows 11 was announced. Most new CPUs and motherboards have capability for it built into them, but the feature wasn't a guaranteed inclusion prior to the Windows 11 launch.

CITRIX PATCHES HIGH-SEVERITY VULNERABILITIES IN WINDOWS, LINUX APPS
2023-02-15 06:41:46       Security Week
Citrix released patches for multiple vulnerabilities in Virtual Apps and Desktops, and Workspace apps for Windows and Linux.

MICROSOFT WILL FORCIBLY REMOVE INTERNET EXPLORER FROM MOST WINDOWS 10 PCS TODAY
2023-02-14 11:02:00       Slashdot
An anonymous reader shares a report: Internet Explorer 11 was never Windows 10's primary browser -- that would be the old, pre-Chromium version of Microsoft Edge. But IE did continue to ship with Windows 10 for compatibility reasons, and IE11 remained installed and accessible in most versions of Windows 10 even after security updates for the browser ended in June of 2022. That ends today, as Microsoft's support documentation says that a Microsoft Edge browser update will fully disable Internet Explorer in most versions of Windows 10, redirecting users to Edge.

IS WINDOWS 11 SPYWARE? MICROSOFT DEFENDS SENDING USER DATA TO THIRD PARTIES
2023-02-12 06:34:00       Slashdot
An anonymous reader shares a report from Tom's Hardware: According to the PC Security Channel (via TechSpot), Microsoft's Windows 11 sends data not only to the Redmond, Washington-based software giant, but also to multiple third parties. To analyze DNS traffic generated by a freshly installed copy of Windows 11 on a brand-new notebook, the PC Security Channel used the Wireshark network protocol analyzer that reveals precisely what is happening on a network. The results were astounding enough for the YouTube channel to call Microsoft's Windows 11 "spyware." As it turned out, an all-new Windows 11 PC that was never used to browse the Internet contacted not only Windows Update, MSN and Bing servers, but also Steam, McAfee, geo.prod.do, and Comscore ScorecardResearch.com. Apparently, the latest operating system from Microsoft collected and sent telemetry data to various market research companies, advertising services, and the like. When Tom's Hardware contacted Microsoft, their spokesperson argued that flowing data is common in modern operating systems "to help them remain secure, up to date, and keep the system working as anticipated." "We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy."

MICROSOFT SWEARS IT'S NOT COMING FOR YOUR DATA WITH SCAN FOR OLD OFFICE VERSIONS
2023-02-06 13:40:00       Slashdot
Microsoft wants everyone to know that it isn't looking to invade their privacy while looking through their Windows PCs to find out-of-date versions of Office software. From a report: In its KB5021751 update last month, Microsoft included a plan to scan Windows systems to smoke out those Office versions that are no longer supported or nearing the end of support. Those include Office 2007 (which saw support end in 2017) and Office 2010 (in 2020) and the 2013 build (this coming April). The company stressed that it would run only one time and would not install anything on the user's Windows system, adding that the file for the update is scanned to ensure it's not infected by malware and is stored on highly secure servers to prevent unauthorized changes to it. The update caused some discussion among users, at least enough to convince Microsoft to make another pitch that it is respecting user privacy and won't access private data despite scanning their systems. The update collects diagnostic and performance data so that it can determine the use of various versions of Office and how to best support and service them, the software maker wrote in an expanded note this week. The update will silently run once to collect the data and no files are left on the user's systems once the scan is completed.

MICROSOFT WILL END SALE OF WINDOWS 10 LICENSES TO CONSUMERS THIS MONTH
2023-01-19 17:15:00       Slashdot
An anonymous reader shares a report: Microsoft's Windows 10 operating system has been available on the retail market for over seven years and was superseded by Windows 11 in October 2021. However, despite its age, Windows 10 remains the most popular version of Windows, with a global market share of 67.95% in December 2022 compared to 16.97% for Windows 11, according to StatCounter. But it now looks like Microsoft is ready to put the brakes on issuing new Windows 10 licenses to everyday consumers. Microsoft's official product pages for Windows 10 Home and Windows 10 Pro now include the following disclaimer: "January 31, 2023 will be the last day this Windows 10 download is offered for sale. Windows 10 will remain supported with security updates that help protect your PC from viruses, spyware, and other malware until October 14, 2025."

WINDOWS 7 EXTENDED SECURITY UPDATES, WINDOWS 8.1 REACH END OF SUPPORT
2023-01-10 06:33:28       Security Week
Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

MOZILLA JUST FIXED AN 18-YEAR-OLD FIREFOX BUG
2022-12-25 18:46:00       Slashdot
Mozilla recently fixed a bug that was first reported 18 years ago in Firefox 1.0, reports How-to Geek: Bug 290125 was first reported on April 12, 2005, only a few days before the release of Firefox 1.0.3, and outlined an issue with how Firefox rendered text with the ::first-letter CSS pseudo-element. The author said, "when floating left a :first-letter (to produce a dropcap), Gecko ignores any declared line-height and inherits the line-height of the parent box. [...] Both Opera 7.5+ and Safari 1.0+ correctly handle this." The initial problem was that the Mac version of Firefox handled line heights differently than Firefox on other platforms, which was fixed in time for Firefox 3.0 in 2007. The issue was then re-opened in 2014, when it was decided in a CSS Working Group meeting that Firefox's special handling of line heights didn't meet CSS specifications and was causing compatibility problems. It led to some sites with a large first letter in blocks of text, like The Verge and The Guardian, rendering incorrectly in Firefox compared to other browsers. The issue was still marked as low priority, so progress continued slowly, until it was finally marked as fixed on December 20, 2022. Firefox 110 should include the updated code, which is expected to roll out to everyone in February 2023.

PATCHED WINDOWS BUG WAS ACTUALLY A DANGEROUS WORMABLE CODE-EXECUTION VULNERABILITY
2022-12-25 14:36:00       Slashdot
Ars Technica reports on a dangerously "wormable" Windows vulnerability that allowed attackers to execute malicious code with no authentication required - a vulnerability that was present "in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability." Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of "important." In the routine course of analyzing vulnerabilities after they're patched, IBM security researcher Valentina Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did [the flaw used to detonate WannaCry]. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.... One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA's highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit. Palmiotti said there's reason for optimism but also for risk: "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time," said Palmiotti. There's still some risk, Palmiotti tells Ars Technica.
"As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether." Thanks to Slashdot reader joshuark for sharing the article.

PATCH TUESDAY UPDATE IS CAUSING SOME WINDOWS 10 SYSTEMS TO BLUE SCREEN
2022-12-20 00:30:07       The Register
Microsoft issues a workaround for problem while it works on a fix
Some users running Windows 10 who installed the KB5021233 cumulative update this month are seeing their operating system crash with the Blue Screen of Death, Microsoft is warning.

MALICIOUS MICROSOFT-SIGNED WINDOWS DRIVERS WIELDED IN CYBERATTACKS
2022-12-14 23:24:08       The Register
Handy tools to kill off security protections get Redmond's stamp of approval
Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code could be used in cyberattacks.

MICROSOFT PATCH TUESDAY, DECEMBER 2022 EDITION
2022-12-14 12:01:07       Krebs on Security
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

MICROSOFT FIXES EXPLOITED ZERO-DAY, REVOKES CERTIFICATE USED TO SIGN MALICIOUS DRIVERS
2022-12-13 15:09:54       Net-Security
It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by attackers to deliver a variety of malware. CVE-2022-44698 affects all Windows OS versions starting from Windows 7 and Windows Server 2008 R2. “The vulnerability has low complexity. It uses the network vector, and requires no privilege escalation. However, it does need user interaction; attackers need to dupe a victim into visiting a …

SUPPORT FOR WINDOWS 7 AND 8 FULLY ENDS IN JANUARY, INCLUDING MICROSOFT EDGE
2022-12-12 13:01:00       Slashdot
Microsoft's Chromium-based Edge browser was an improvement over the initial version of Edge in many ways, including its support for Windows 7 and Windows 8. But the end of the road is coming: Microsoft has announced that Edge will end support for Windows 7 and Windows 8 in mid-January of 2023, shortly after those operating systems stop getting regular security updates. From a report: Support will also end for Microsoft Edge Webview2, which can use Edge's rendering engine to embed webpages in non-Edge apps. The end-of-support date for Edge coincides with the end of security update support for both Windows 7 and Windows 8 on January 10, and the end of Google Chrome support for Windows 7 and 8 in version 110. Because the underlying Chromium engine in both Chrome and Edge is open source, Microsoft could continue supporting Edge in older Windows versions if it wanted, but the company is using both end-of-support dates to justify a clean break for Edge.

GOOGLE CHROME ZERO-DAY EXPLOITED IN THE WILD
2022-12-06 06:03:57       Net-Security
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG), whose goal is to protect users from state-sponsored attacks and other advanced persistent threats. About CVE-2022-4262: With a “High” security …

WINDOWS 11 STILL NOT WINNING THE OS POPULARITY CONTEST
2022-12-05 13:40:00       Slashdot
Microsoft has released an out-of-band update to nudge laggards toward Windows 11 amid a migration pace that company executives would undoubtedly prefer is rather faster. From a report: The software giant is offering an option of upgrading to Windows 11 as an out of box experience to its Windows 10 22H2 installed base, the main aim being to smooth their path forward to the latest operating system. "On November 30, 2022, an out-of-band update was released to improve the Windows 10, version 2004, 20H2, 21H1, 21H2, and 22H2 out-of-box experience (OOBE). It provides eligible devices with the option to upgrade to Windows 11 as part of the OOBE process. This update will be available only when an OOBE update is installed." The update, KB5020683, applies only to Windows 10 Home and Professional versions 2004, 20H2, 21H1, 22H2. There are some pre-requisites that Microsoft has listed here before users can make the move to Windows 11. The operating system was released on October 5 last year but shifting stubborn consumers onto this software has proved challenging for top brass at Microsoft HQ in Redmond. According to Statcounter, a web analytics service that has tracking code installed on 1.5 million websites and records a page view for each, some 16.12 percent of Windows users had installed Windows 11 in November, higher than the 15.44 percent in the prior month, but likely still not close to the figures that Microsoft was hoping for.

MOZILLA, MICROSOFT DROP TRUSTCOR AS ROOT CERTIFICATE AUTHORITY
2022-12-02 09:30:51       The Register
"There is no evidence to suggest that TrustCor violated conduct, policy, or procedure" says biz
Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.

CHROME, DEFENDER AND FIREFOX 0-DAYS LINKED TO COMMERCIAL IT FIRM IN SPAIN
2022-12-01 09:00:00       Slashdot
Google researchers say they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. From a report: Variston IT bills itself as a provider of tailor-made Information security solutions, including technology for embedded SCADA (supervisory control and data acquisition) and Internet of Things integrators, custom security patches for proprietary systems, tools for data discovery, security training, and the development of secure protocols for embedded devices. According to a report from Google's Threat Analysis Group, Variston sells another product not mentioned on its website: software frameworks that provide everything a customer needs to surreptitiously install malware on devices they want to spy on. Researchers Clement Lecigne and Benoit Sevens said the exploit frameworks were used to exploit n-day vulnerabilities, which are those that have been patched recently enough that some targets haven't yet installed them. Evidence suggests, they added, that the frameworks were also used when the vulnerabilities were zero-days. The researchers are disclosing their findings in an attempt to disrupt the market for spyware, which they said is booming and poses a threat to various groups.

WINDOWS SERVER DOMAIN CONTROLLERS MAY STOP, RESTART AFTER RECENT UPDATES
2022-11-28 15:46:52       The Register
Microsoft outlines a workaround while pulling together a fix to LSASS memory leak
Updates to Windows Server released as part of this month's Patch Tuesday onslaught might cause some domain controllers to stop working or automatically restart, according to Microsoft.

STILL USING A DISCONTINUED BOA WEB SERVER? MICROSOFT WARNS OF SUPPLY CHAIN ATTACKS
2022-11-23 19:00:10       The Register
Flaws in the open-source tool exploited and India's power grid was a target
Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology.

MICROSOFT WARNS: THIS FORGOTTEN OPEN-SOURCE WEB SERVER COULD LET HACKERS 'SILENTLY' GAIN ACCESS TO YOUR SYSTEM
2022-11-23 08:09:12       ZDNet
Users of affected network gateway appliances likely don't even know their router is running a web server that was discontinued 17 years ago.

MICROSOFT RELEASES OUT-OF-BAND UPDATE AFTER SECURITY PATCH CAUSES KERBEROS ISSUES
2022-11-22 07:56:59       Security Week
Microsoft has released an out-of-band update after learning that a recent Windows security patch started causing Kerberos authentication issues.

MICROSOFT'S ATTEMPTS TO HARDEN KERBEROS AUTHENTICATION BROKE IT ON WINDOWS SERVERS
2022-11-21 23:00:08       The Register
Emergency out-of-band updates to the rescue
Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.

WINDOWS 8.1 SUPPORT ENDS JANUARY 10
2022-11-21 15:01:00       Slashdot
Mark Hachman, writing for PCWorld: Windows 8 stunk. It might have helped cost chief executive Steve Ballmer his job. Windows 8.1 was a bit better -- but if you love it, you have only a month or so left to enjoy it. Microsoft will kill off Windows 8.1 support on January 10, 2023. There's no out: Microsoft will not be offering an extended support package for Windows 8.1. At that point, you'll have a choice: buy a new Windows PC, or officially pay to upgrade to either Windows 10 or Windows 11. What does the end of support mean? Until January 10, Microsoft will offer security patches and other fixes for any security issues that crop up. Afterwards, you're on your own. If any exploit or malware surfaces, you'll have to depend on any antivirus software you have running -- Microsoft won't be issuing any more patches after Jan. 10, and your PC will absolutely be at risk.

MICROSOFT: HACKERS USING 'CONCERNING' TACTIC TO DODGE MULTI-FACTOR AUTHENTICATION
2022-11-18 11:41:00       Slashdot
Microsoft says token theft attacks are on the rise. From a report: Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers. Three years ago, attacks on multi-factor authentication (MFA) were so rare that Microsoft didn't have decent statistics on them, largely because few organisations had enabled MFA. But with MFA use rising as attacks on passwords become more common, Microsoft has seen an increase in attackers using token theft in their attempts to sidestep MFA. In these attacks, the attacker compromises a token issued to someone who's already completed MFA and replays that token to gain access from a different device. Tokens are central to OAuth 2.0 identity platforms, including Azure Active Directory (AD), which aim to make authentication simpler and faster for users, but in a way that's still resilient to password attacks. Moreover, Microsoft warns that token theft is dangerous because it doesn't require high technical skills, detection is difficult and, because the technique has only recently seen an uptick, few organisations have mitigations in place. "Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose," Microsoft says in a blogpost. "By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly. This poses to be a concerning tactic for defenders because the expertise needed to compromise a token is very low, is hard to detect, and few organizations have token theft mitigations in their incident response plan."

WINDOWS 10 STILL HAVING PROBLEMS WITH THE DESKTOP AND TASKBAR
2022-11-17 14:25:00       Slashdot
Microsoft has fixed yet another problem in some versions of Windows 10, a bug that makes the taskbar and desktop temporarily vanish or causes the system to ignore you. From a report: According to Redmond, users "might experience an error in which the desktop or taskbar might momentarily disappear, or your device might become unresponsive." The issue affects PCs running Windows 10 versions 22H2, 21H2, 21H1, and 20H2, the company wrote on its Windows Health Dashboard. Microsoft didn't outline the exact cause but notes it was related to the KB5016688 220820_03051 cumulative update and later. The software giant is using its Known Issue Rollback (KIR) feature -- which enables IT administrators to roll back the unwanted changes of an update -- to resolve the problem, adding that it could take up to 24 hours for the fix to reach non-managed business systems and consumer devices. Restarting the device may accelerate the timeframe. Organizations that use enterprise-managed devices can install and configure a special Group Policy by going to "Computer Configuration" and then "Administrative Templates" and "Group Policy name." If the resolution doesn't work, users can try restarting the Windows device, according to Microsoft. The latest fix comes after a number of other problems were resolved this week.

FIREFOX 107 PATCHES HIGH-IMPACT VULNERABILITIES
2022-11-16 11:05:19       Security Week
Mozilla has announced the release of Firefox 107. The latest version of the popular web browser patches a significant number of vulnerabilities.

MYSTERIOUS COMPANY WITH GOVERNMENT TIES PLAYS KEY INTERNET ROLE
2022-11-10 11:45:00       Slashdot
whoever57 writes: Would you trust your communications to a company that has links to a spyware company and claims that its address is a UPS store in Toronto? You probably already do. Washington Post reports: An offshore company that is trusted by the major web browsers and other tech companies to vouch for the legitimacy of websites has connections to contractors for U.S. intelligence agencies and law enforcement, according to security researchers, documents and interviews. Google's Chrome, Apple's Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what's known as a root certificate authority, a powerful spot in the internet's infrastructure that guarantees websites are not fake, guiding users to them seamlessly. The company's Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S. government agencies for more than a decade. One of those TrustCor partners has the same name as a holding company managed by Raymond Saulino, who was quoted in a 2010 Wired article as a spokesman for Packet Forensics. Saulino also surfaced in 2021 as a contact for another company, Global Resource Systems, that caused speculation in the tech world when it briefly activated and ran more than 100 million previously dormant IP addresses assigned decades earlier to the Pentagon. The Pentagon reclaimed the digital territory months later, and it remains unclear what the brief transfer was about, but researchers said the activation of those IP addresses could have given the military access to a huge amount of internet traffic without revealing that the government was receiving it. whoever57 has also shared an unpaywalled link to the story.

MICROSOFT IS SHOWING ADS IN THE WINDOWS 11 SIGN-OUT MENU
2022-11-08 09:40:00       Slashdot
Microsoft is now promoting some of its products in the sign-out flyout menu that shows up when clicking the user icon in the Windows 11 start menu. BleepingComputer: This new Windows 11 "feature" was discovered by Windows enthusiast Albacore, who shared several screenshots of advertisement notifications in the Accounts flyout. The screenshots show that Microsoft promotes the OneDrive file hosting service and prods users to create or complete their Microsoft accounts. Those reacting to this on social media had an adverse reaction to Redmond's decision to display promotional messages in the start menu. Some said that Windows 11 is "getting worse in each and every update it gets," while others added that this is a weird choice given that "half of the Start Menu is for recommendations" anyway. BleepingComputer has also tried replicating this on multiple Windows 11 systems, but we didn't get any ads. This hints at an A/B testing experiment trying to gauge the success of such a "feature" on devices running Windows Insider builds or the company pushing such ads to a limited set of customers.

WINDOWS MALWARE WITH VHD EXTENSION
2022-11-05 18:02:59       incidents.org
Windows 10 supports various virtual drives natively and can recognize and use ISO, VHD and VHDX files. The file included as an attachment with this email, when extracted appears in the email as a PDF but is in fact a VHD file.

WINDOWS 11 RUNS ON FEWER THAN 1 IN 6 PCS
2022-11-02 14:41:00       Slashdot
Much of the Windows world has yet to adopt Microsoft's latest desktop operating system more than a year after it launched, according to figures for October collated by Statcounter. From a report: Just 15.44 percent of PCs across the globe have installed Windows 11, meaning it gained 1.83 percentage points in a month. This compares to the 71.29 percent running Windows 10, which fell marginally from 71.88 percent in September. Windows 7 is still hanging on with a tenuous grip, in third place with 9.61 percent, Windows 8.1 in fourth with 2.45 percent, plain old Windows 8 with 0.69 percent, and bless its heart, Windows XP with 0.39 percent because of your extended family. In total, Windows has almost 76 percent of the global desktop OS market followed by OS X with 15.7 percent and Linux with 2.6 percent. Android comprised 42.37 percent of total operating system market share, with Windows trailing on 30.11 percent, iOS on 17.6 percent, OS X on 6.24 percent, and Linux on 1.04 percent.

MICROSOFT: RASPBERRY ROBIN USB WORM HITS NEARLY 1,000 ORGANIZATIONS IN THE PAST MONTH
2022-10-28 06:01:47       ZDNet
Widely distributed worm evolves into one of the largest currently active malware distribution platforms.

OPENSSL WARNS OF CRITICAL SECURITY VULNERABILITY WITH UPCOMING PATCH
2022-10-27 23:30:00       Slashdot
An anonymous reader quotes a report from ZDNet: Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It's also what is used to lock down pretty much every secure communications and networking application and device out there. So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)'s VP of Security, this week tweeted, "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC." How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It's likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code remotely. In other words, pretty much everything you don't want happening on your production systems. The last time OpenSSL had a kick in its security teeth like this one was in 2016. That vulnerability could be used to crash and take over systems. Even years after it arrived, security company Check Point estimated it affected over 42% of organizations. This one could be worse. We can only hope it's not as bad as that all-time champion of OpenSSL's security holes, 2014's HeartBleed. [...] There is another little silver lining in this dark cloud. This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems. For example, Red Hat Enterprise Linux (RHEL) 8.x and earlier and Ubuntu 20.04 won't be smacked by it. RHEL 9.x and Ubuntu 22.04, however, are a different story. They do use OpenSSL 3.x. [...] But, if you're using anything with OpenSSL 3.x in -- anything -- get ready to patch on Tuesday. This is likely to be a bad security hole, and exploits will soon follow. You'll want to make your systems safe as soon as possible.

WINDOWS EVENT LOG VULNERABILITIES COULD BE EXPLOITED TO BLIND SECURITY PRODUCTS
2022-10-27 08:18:11       Security Week
Remote attackers could exploit two Event Log vulnerabilities in Windows to crash the Event Log application and cause a denial-of-service (DoS) condition, Varonis warns. Event Log is an Internet Explorer-specific application that exists in all Windows iterations, due to the deep integration of the browser with the operating system.

NEXT WINDOWS 10/11 PATCH TUESDAY FIXES MICROSOFT'S BOTCHED VULNERABLE DRIVER BLOCKLIST
2022-10-27 06:47:28       ZDNet
Microsoft addresses an issue preventing Windows 10's vulnerable driver blocklist from being updated with new vulnerable drivers.

NEW POWERSHELL BACKDOOR POSES AS PART OF WINDOWS UPDATE PROCESS
2022-10-19 17:55:38       Security Week
Cybersecurity firm SafeBreach has issued a warning about a new PowerShell backdoor that disguises itself as part of the Windows update process to remain fully undetected.

MORE THAN 4 IN 10 PCS STILL CAN'T UPGRADE TO WINDOWS 11
2022-10-10 22:02:00       Slashdot
Nearly 43 percent of millions of devices studied by asset management provider Lansweeper are unable to upgrade to Windows 11 due to the hardware requirements Microsoft set out for the operating system. The Register reports: Lansweeper said 42.76 percent of the estimated 27 million PCs it tested across 60,000 organizations failed the CPU test, albeit better than the 57.26 percent in its last test a year ago. Altogether 71.5 percent of the PCs failed the RAM test and 14.66 percent the TPM test. "We know that those who can't update to Windows 11... will continue to use Windows 10," said Roel Decneut, chief strategy officer at Lansweeper, whose customers include Sony, Pepsico, Cerner, MiT and Hilton hotels. He said that even if enterprises are prepared to upgrade their PC fleet to meet the system requirements of Microsoft's latest OS, there are "broader issues affecting adoption that are out of Microsoft's control." "Global supply chain disruption has created chip a processor shortage, while many are choosing to stick with what hardware they have at the moment due to the global financial uncertainty." Other findings from Lansweeper show adoption rates for the latest OS are improving, running on 1.44 percent of computers versus 0.52 percent in January. This means the latest incarnation has overtaken Windows 8 in the popularity stakes but remains behind market share for Windows 7, despite that software going end of life in January 2020. Adoption is, unsurprisingly, higher in the consumer space. Some 4.82 percent of the biz devices researched were running an OS that wasn't fully supported and 0.91 percent had servers in their estate that are end of life.

WINDOWS 11 NOW OFFERS AUTOMATIC PHISHING PROTECTION
2022-10-10 09:00:00       Wired
You're safer than ever. Here's how.

PHISHING ATTACK SPOOFS ZOOM TO STEAL MICROSOFT USER CREDENTIALS
2022-10-06 14:44:58       Security on TechRepublic
Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox.

MICROSOFT: TWO NEW 0-DAY FLAWS IN EXCHANGE SERVER
2022-09-30 12:51:57       Krebs on Security
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

MICROSOFT ROLLS OUT WINDOWS 11 2022 UPDATE
2022-09-20 14:00:00       Slashdot
Microsoft on Tuesday said it's starting to release the first major update to Windows 11, the current version of its PC operating system. The company said the update is aimed at making PCs easier and safer to use and improve productivity. Some excerpts detailing new features from Windows blog: Windows 11 brought a sense of ease to the PC, with an intuitive design people love. We're building on that foundation with new features to ensure the content and information you need is always at your fingertips, including updates to the Start menu, faster and more accurate search, Quick Settings, improved local and current events coverage in your Widgets board, and the No. 1 ask from you, tabs in File Explorer. All of this helps Windows anticipate your needs and save you time. [...] The PC has always been where people come to get things done -- especially when it comes to tackling complex tasks. With enhancements to Snap layouts, the new Focus feature, and performance and battery optimizations, the new Windows 11 2022 update will help you be your most productive yet. Snap layouts on Windows 11 have been a game changer for multitasking, helping people optimize their view when they need to have multiple apps or documents in front of them at the same time. With the new update, we're making Snap layouts more versatile with better touch navigation and the ability to snap multiple browser tabs in Microsoft Edge. We're introducing Focus sessions and Do Not Disturb to help you minimize distractions that pull you away from the task at hand. [...] We also want to continue to make Windows the best place to play games. This update will deliver performance optimizations to improve latency and unlock features like Auto HDR and Variable Refresh Rate on windowed games. And with Game Pass built right into Windows 11 through the Xbox app, players can access hundreds of high-quality PC games. Having the right content fuels a great PC experience. A year ago, we redesigned the Microsoft Store on Windows to be more open and easier-to-use -- a one-stop shop for the apps, games and TV shows you love. Today, through our partnership with Amazon, we are expanding the Amazon Appstore Preview to international markets, bringing more than 20,000 Android apps and games to Windows 11 devices that meet the feature-specific hardware requirements. In addition to a growing catalog of apps and games, we are also excited to share that we are moving to the next stage of the Microsoft Store Ads pilot -- helping developers get content in front of the right customers. [...] Windows 11 provides layers of hardware and software integrated for powerful, out-of-the box protection from the moment you start your device -- and we're continuing to innovate. The new Microsoft Defender SmartScreen identifies when people are entering their Microsoft credentials into a malicious application or hacked website and alerts them.

MICROSOFT COMMITS TO UPDATING WINDOWS 11 ONCE PER YEAR, AND ALSO ALL THE TIME
2022-09-20 13:21:00       Slashdot
An anonymous reader shares a report: When ArsTechnica reviewed Windows 11 last fall, one of its biggest concerns was that it would need to wait until the fall of 2022 to see changes or improvements to its new -- and sometimes rough -- user interface. Nearly a year later, it's become abundantly clear that Microsoft isn't holding back changes and new apps for the operating system's yearly feature update. One notable smattering of additions was released back in February alongside a commitment to "continuous innovation." Other, smaller updates before and since (not to mention the continuously-updated Microsoft Edge browser) have also emphasized Microsoft's commitment to putting out new Windows features whenever they're ready. There's been speculation that Microsoft could be planning yet another major shake-up to Windows' update model, moving away from yearly updates that would be replaced by once-per-quarter feature drops, allegedly called "Moments" internally. These would be punctuated by larger Windows version updates every three years or so. As part of the PR around the Windows 11 2022 Update (aka Windows 11 22H2), the company has made clear that none of this is happening. "Windows 11 will continue to have an annual feature update cadence, released in the second half of the calendar year that marks the start of the support lifecycle," writes Microsoft VP John Cable, "with 24 months of support for Home and Pro editions and 36 months of support for Enterprise and Education editions." These updates will include their own new features and changes, as the 2022 Update does, but you'll also need to have the latest yearly update installed to continue to get additional feature updates via Windows Update and the Microsoft Store. As for the Windows 12 rumors, Microsoft simply told Ars it has "no plans to share today." This stance leaves the company plenty of room to change its plans tomorrow or any day after that. But we can safely say that a new numbered version of Windows won't happen in the near future. For smaller changes that aren't delivered as part of a yearly feature update or via a Microsoft Store update, Microsoft will use something called Controlled Feature Rollout (CFR) to test features with a subset of Windows users rather than delivering them to everyone all at once.

MICROSOFT EDGE, GOOGLE CHROME ENHANCED SPELLCHECK FEATURE EXPOSES PASSWORDS
2022-09-19 20:02:00       Slashdot
Recent research from the otto-js Research Team has uncovered that data that is being checked by both Microsoft Editor and the enhanced spellcheck setting within Google Chrome is being sent to Microsoft and Google respectively. This data can include usernames, emails, DOB, SSN, and basically anything that is typed into a text box that is checked by these features. Neowin reports: As an additional note, even passwords can be sent by these features, but only when a "Show Password" button is pressed, which converts the password into visible text, which is then checked. The key issue revolves around sensitive user personally identifiable information (PII), and this is a key concern for enterprise credentials when accessing internal databases and cloud infrastructure. Some companies are already taking action to prevent this, with both AWS and LastPass security teams confirming that they have mitigated this with an update. The issue has already been dubbed "spell-jacking". What's most concerning is that these settings are so easy to enable by users, and could result in data exposure without anyone ever realising it. The team at otto-js ran a test of 30 websites, across a range of sectors, and found that 96.7% of them sent data with PII back to Google and Microsoft. At present, the otto-js Research Team recommends that these extensions and settings are not used until this issue is resolved.

TROJANIZED VERSION OF PUTTY DISTRIBUTED BY FAKE AMAZON JOB PHISHERS ON WHATSAPP
2022-09-17 12:34:00       Slashdot
The makers of the secure telnet client PuTTY also sell a service monitoring company security services - and this July Mandiant Managed Defense "identified a novel spear phish methodology," according to a post on the company's blog: [The threat cluster] established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility.... This activity was identified by our Mandiant Intelligence: Staging Directories mission, which searches for anomalous files written to directories commonly used by threat actors.... The amazon_assessment.iso archive held two files: an executable and a text file. The text file named Readme.txt had connection details for use with the second file: PuTTY.exe.... [T]he PuTTY.exe binary in the malicious archive does not have a digital signature. The size of the PuTTY binary downloaded by the victim is also substantially larger than the legitimate version. Upon closer inspection, it has a large, high entropy .data section in comparison to the officially distributed version. Sections like these are typically indicative of packed or encrypted data. The suspicious nature of the PuTTY.exe embedded in the ISO file prompted Managed Defense to perform a deeper investigation on the host and the file itself. The execution of the malicious PuTTY binary resulted in the deployment of a backdoor to the host. "The executable embedded in each ISO file is a fully functional PuTTY application compiled using publicly available PuTTY version 0.77 source code," the blog post points out. Ars Technica notes that Mandiant's researchers believe it's being pushed by groups with ties to North Korea: The executable file installed the latest version of Airdry, a backdoor the US government has attributed to the North Korean government. The US Cybersecurity and Infrastructure Security Agency has a description here. Japan's community emergency response team has this description of the backdoor, which is also tracked as BLINDINGCAN.

MICROSOFT TEAMS STORES AUTH TOKENS AS CLEARTEXT IN WINDOWS, LINUX, MACS
2022-09-14 19:20:00       Slashdot
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. BleepingComputer reports: "This attack does not require special permissions or advanced malware to get away with major internal damage," Connor Peoples at cybersecurity company Vectra explains in a report this week. The researcher adds that by taking "control of critical seats -- like a company's Head of Engineering, CEO, or CFO -- attackers can convince users to perform tasks damaging to the organization." Vectra researchers discovered the problem in August 2022 and reported it to Microsoft. However, Microsoft did not agree on the severity of the issue and said that it doesn't meet the criteria for patching. With a patch unlikely to be released, Vectra's recommendation is for users to switch to the browser version of the Microsoft Teams client. By using Microsoft Edge to load the app, users benefit from additional protections against token leaks. The researchers advise Linux users to move to a different collaboration suite, especially since Microsoft announced plans to stop supporting the app for the platform by December.

MICROSOFT FIXES WINDOWS SECURITY HOLE LIKELY WIDELY EXPLOITED BY MISCREANTS
2022-09-13 22:50:07       The Register
Plus: Nasty no-auth RCE in TCP/IP stack, and many more updates. Patch Tuesday: September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed.

A WINDOWS 11 AUTOMATION TOOL CAN EASILY BE HIJACKED
2022-09-02 07:00:00       Wired
Hackers can use Microsoft's Power Automate to push out ransomware and key loggers, if they get machine access first.

CRIMINALS POSTING COUNTERFEIT MICROSOFT PRODUCTS TO GET ACCESS TO VICTIMS' COMPUTERS
2022-08-27 00:00:00       Slashdot
Microsoft has confirmed to Sky News that criminals are posting counterfeit packages designed to appear like Office products in order to defraud people. From the report: One such package seen by Sky News is manufactured to a convincing standard and contains an engraved USB drive, alongside a product key. But the USB does not install Microsoft Office when plugged in to a computer. Instead, it contains malicious software which encourages the victim to call a fake support line and hand over access to their PC to a remote attacker. Microsoft launched an internal investigation into the suspect package after being contacted by Sky News. The company spokesperson confirmed that the USB and the packaging were counterfeit and that they had seen a pattern of such products being used to scam victims before. They added that while Microsoft had seen this type of fraud, it is very infrequent. More often when fraudulent products are sold they tend to be product keys sent to customers via email, with a link to a site for downloading the malicious software.

MOZILLA PATCHES HIGH-SEVERITY VULNERABILITIES IN FIREFOX, THUNDERBIRD
2022-08-25 07:03:00       Security Week
Mozilla this week patched several high-severity vulnerabilities in its Firefox and Thunderbird products. Firefox 104 as well as Firefox ESR 91.13 and 102.2 patches a high-severity address bar spoofing issue related to XSLT error handling. The flaw, tracked as CVE-2022-38472, could be exploited for phishing.

MICROSOFT FINDS CRITICAL HOLE IN CHROMEOS
2022-08-23 13:20:00       Slashdot
joshuark writes: Microsoft has found a bug in ChromeOS and given it a high vulnerability 9.8 out of 10. The bug was promptly fixed and, about a month later, merged in ChromeOS code then released on June 15, 2022. This is a reversal in that Google usually finds security bugs in software from Microsoft and other vendors after typically 90 days -- even if a patch had not been released -- in the interest of forcing companies to respond to security flaws more quickly. [...] The ChromeOS memory corruption vulnerability -- CVE-2022-2587 -- was particularly severe. As Jonathan Bar Or, a member of the Microsoft 365 Defender research team, explains in his post, the problem follows from the use of D-Bus, an Inter-Process-Communication (IPC) mechanism used in Linux. A D-Bus service called org.chromium.cras (for ChromiumOS Audio Server) provides a way to route audio to newly added peripherals like USB speakers and Bluetooth headsets. The service includes a function called SetPlayerIdentity, which accepts a string argument called identity as its input. And the function's C code calls out to strcpy in the standard library. Yes, strcpy, which is a dangerous function.

MICROSOFT EMPLOYEES EXPOSED OWN COMPANY'S INTERNAL LOGINS
2022-08-16 20:45:00       Slashdot
Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company's own infrastructure on GitHub, potentially offering attackers a gateway into internal Microsoft systems, according to a cybersecurity research firm that found the exposed credentials. Motherboard reports: "We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it's becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days," Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat. Hussein provided Motherboard with seven examples in total of exposed Microsoft logins. All of these were credentials for Azure servers. Azure is Microsoft's cloud computer service and is similar to Amazon Web Services. All of the exposed credentials were associated with an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users. One of the GitHub users also listed Microsoft on their profile. Three of the seven login credentials were still active when spiderSilk discovered them, with one seemingly uploaded just days ago at the time of writing. The other four sets of credentials were no longer active but still highlighted the risk of workers accidentally uploading keys for internal systems. Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times by Motherboard. But generally speaking, an attacker may have an opportunity to move onto other points of interest after gaining initial access to an internal system. One of the GitHub profiles with exposed and active credentials makes a reference to the Azure DevOps code repository. Highlighting the risk that such credentials may pose, in an apparently unrelated hack in March attackers gained access to an Azure DevOps account and then published a large amount of Microsoft source code, including for Bing and Microsoft's Cortana assistant. "We've investigated and have taken action to secure these credentials," said a Microsoft spokesperson in a statement. "While they were inadvertently made public, we haven't seen any evidence that sensitive data was accessed or the credentials were used improperly. We're continuing to investigate and will continue to take necessary steps to further prevent inadvertent sharing of credentials."

MICROSOFT URGES WINDOWS USERS TO RUN PATCH FOR DOGWALK ZERO-DAY EXPLOIT
2022-08-13 06:00:00       Slashdot
joshuark shares a report from Computerworld: Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. [...] The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022. The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn't consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June's Patch Tuesday update.

MICROSOFT REPORTEDLY LAYS OFF TEAM FOCUSED ON WINNING BACK CONSUMERS
2022-08-10 11:38:00       Slashdot
Microsoft is reportedly laying off its team focused on winning back consumers. From a report: In 2018 the software giant originally detailed its efforts to win back the non-enterprise customers it let down, forming a Modern Life Experiences team to focus on professional consumers (prosumers). Business Insider now reports that Microsoft is laying off that team, and telling the roughly 200 affected employees to find another position at the company or take severance pay. While Microsoft isn't officially commenting on the end of its Modern Life initiative, a Microsoft senior designer revealed there was "hard news" for the Modern Life Experiences team this week in a LinkedIn post. The news comes weeks after Microsoft cut less than 1 percent of its 180,000-person workforce, with job cuts in consulting, and customer and partner solutions. Microsoft has also been cutting open job roles as it slows hiring amid a weakening economy.

MICROSOFT'S FIX FOR "DATA DAMAGE" RISK HITS PC PERFORMANCE
2022-08-09 13:30:06       The Register
"AES-based operations might be two times slower" without latest updates. Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.

TO THWART RANSOMWARE, MICROSOFT'S WINDOWS GETS NEW DEFAULTS LIMITING BRUTE-FORCE PASSWORD GUESSING
2022-07-24 18:50:00       Slashdot
ZDNet reports: Microsoft is rolling out a new security default for Windows 11 that will go a long way to preventing ransomware attacks that begin with password-guessing attacks and compromised credentials. The new account security default on account credentials should help thwart ransomware attacks that are initiated after using compromised credentials or brute-force password attacks to access remote desktop protocol (RDP) endpoints, which are often exposed on the internet. RDP remains the top method for initial access in ransomware deployments, with groups specializing in compromising RDP endpoints and selling them to others for access. The new feature is rolling out to Windows 11 in a recent Insider test build, but the feature is also being backported to Windows 10 desktop and server, according to Dave Weston, vice president of OS Security and Enterprise at Microsoft. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks - this control will make brute forcing much harder which is awesome!," Weston tweeted. Weston emphasized "default" because the policy is already an option in Windows 10 but isn't enabled by default. That's big news and is a parallel to Microsoft's default block on internet macros in Office on Windows devices, which is also a major avenue for malware attacks on Windows systems through email attachments and links.... The defaults will be visible in the Windows Local Computer Policy directory "Account Lockout Policy". The default "account lockout duration" is 10 minutes; the "account lockout threshold" is set to a maximum of 10 invalid logon attempts; a setting to "allow administrator account lockout" is enabled; and the "reset account lockout counter after" setting is set to 10 minutes.

MICROSOFT WILL BLOCK OFFICE MACROS BY DEFAULT STARTING JULY 27
2022-07-23 08:00:00       Slashdot
Microsoft confirmed this week that it will soon start blocking Visual Basic Applications (VBA) macros in Office apps by default after quietly rolling back the change earlier this month. From a report: In a new update, the technology giant said that it will start blocking Office macros by default starting from July 27. This comes shortly after Microsoft halted the rollout of the macros-blocking feature citing unspecified "user feedback." It's thought the initial rollout, which kicked off at the beginning of June, caused issues for organizations using macros to automate routine processes, such as data collection or running certain tasks. In a statement given to TechCrunch, Microsoft said it paused the rollout while it "makes some additional changes to enhance usability." The company has since updated its documentation with step-by-step instructions for end users and IT admins explaining how Office determines whether to block or run macros, which Office versions are affected by the new rules, how to allow VBA macros in trusted files and how to prepare for the change.

CHROME FLAW EXPLOITED BY ISRAELI SPYWARE FIRM ALSO IMPACTS EDGE, SAFARI
2022-07-22 11:30:23       Security Week
A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft's Edge and Apple's Safari web browsers.

OUTLOOK EMAIL USERS ALERTED TO SUSPICIOUS ACTIVITY FROM MICROSOFT-OWNED IP ADDRESS
2022-07-21 10:27:09       The Register
People turn amateur sleuths to discover that the source of all those sign-ins seems to be in Redmond. Strange things are afoot in the world of Microsoft email with multiple users reporting unusual sign-in notifications for their Outlook accounts.

MICROSOFT WILL END SUPPORT FOR MOST VERSIONS OF INTERNET EXPLORER ON JUNE 15
2022-06-13 15:00:00       Slashdot
It's finally happening. Microsoft will be ending support for most versions of its Internet Explorer (IE) 11 browser on June 15. ZDNet: Microsoft announced more than a year ago that IE would be removed from most versions of Windows 10 this year and has spent months encouraging customers to get ready by proactively retiring the browser from their organizations. IE 11 will be retired for Windows 10 client SKUs (version 20H2 and later) and Windows 10 IoT (version 20H2 and later). Products not affected by this retirement include IE Mode in Edge; IE 11 desktop on Windows 8.1, Windows 7 (with Extended Security Updates), Windows Server LTSC (all versions), Windows Server 2022, Windows 10 client LTSC (all versions), Windows 10 IoT LTSC (all versions). The IE 11 desktop app is not available on Windows 11, as Edge is the default browser for Windows 11. IE Mode in Microsoft Edge will be supported through at least 2029 to give web developers eight years to modernize legacy apps and eventually remove the need for IE mode, officials have said. According to Net Applications, a web monitoring tool, Internet Explorer still has a market share of 5.21% on desktops and laptops, far behind Chrome at over 69%, to be sure, but still ahead of Apple's Safari, which commands 3.73% market share.

MICROSOFT TRYING TO KILL HDD BOOT DRIVES BY 2023, REPORT SAYS
2022-06-08 19:50:00       Slashdot
A recent executive brief from data storage industry analyst firm Trendfocus reports that OEMs have disclosed that Microsoft is pushing them to drop HDDs as the primary storage device in pre-built Windows 11 PCs and use SSDs instead, with the current deadlines for the switchover set for 2023. Tom's Hardware reports: Interestingly, these actions from Microsoft come without any firm SSD requirement listed for Windows 11 PCs, and OEMs have pushed back on the deadlines. [...] Microsoft's most current list of hardware requirements calls for a "64 GB or larger storage device" for Windows 11, so an SSD isn't a minimum requirement for a standard install. However, Microsoft stipulates that two features, DirectStorage and the Windows Subsystem for Android, require an SSD, but you don't have to use those features. It is unclear whether or not Microsoft plans to change the minimum specifications for Windows 11 PCs after the 2023 switchover to SSDs for pre-built systems. As always, the issue with switching all systems to SSDs boils down to cost: Trendfocus Vice President John Chen tells us that replacing a 1TB HDD requires stepping down to a low-cost 256 GB SSD, which OEMs don't consider to be enough capacity for most users. Conversely, stepping up to a 512 GB SSD would "break the budget" for lower-end machines with a strict price limit. "The original cut-in date based on our discussions with OEMs was to be this year, but it has been pushed out to sometime next year (the second half, I believe, but not clear on the firm date)," Chen told Tom's Hardware. "OEMs are trying to negotiate some level of push out (emerging market transition in 2024, or desktop transition in 2024), but things are still in flux." The majority of PCs in developed markets have already transitioned to SSDs for boot drives, but there are exceptions.
Chen notes that it is possible that Microsoft could make some exceptions, but the firm predicts that dual-drive desktop PCs and gaming laptops with both an SSD for the boot drive and an HDD for bulk storage will be the only mass-market PCs with an HDD. [...] It's unclear what measures, if any, Microsoft would take with OEMs if they don't comply with its wishes, and the company has decided not to comment on the matter. Trendfocus says the switchover will have implications for HDD demand next year.

THIS ZERO-DAY WINDOWS FLAW OPENS A BACKDOOR TO HACKERS VIA MICROSOFT WORD. HERE'S HOW TO FIX IT
2022-05-31 06:45:06       ZDNet
Microsoft recommends disabling a protocol used for troubleshooting Windows bugs that attackers are abusing with a malicious Word document.

WINDOWS PRINT SPOOLER VULNERABILITIES INCREASINGLY EXPLOITED IN ATTACKS
2022-05-11 06:09:56       Security Week
The number of attacks targeting Windows Print Spooler vulnerabilities has been increasing, according to cybersecurity firm Kaspersky.

MICROSOFT RECOMMENDS PEOPLE UNINSTALL OPTIONAL WINDOWS 11 UPDATE KB5012643
2022-05-09 21:25:00       Slashdot
DrunkenTerror shares a report from ExtremeTech: Microsoft is advising Windows 11 users to uninstall a recent update. Reports indicated the optional update KB5012643 is causing various apps to crash. The problem involves an interaction between the update and the .NET Framework that's part of Windows. At this time it's unclear which apps are affected by the issue, leaving uninstallation as the "only" viable solution. "Affected apps are using certain optional components in .NET Framework 3.5, such as Windows Communication Foundation (WCF) and Windows Workflow (WWF) components." This update also broke Safe Mode. Microsoft says when users booted into "Safe Mode without networking" users might see the screen flicker. Per MS, "Components that rely on explorer.exe, such as File Explorer, the Start menu, and the taskbar, can be affected and appear unstable." Microsoft issued a Known Issue Rollback (KiR) for this already so it should be fixed. If you encounter it, you should be able to resolve it by enabling network support in Safe Mode.

HACKERS ARE NOW HIDING MALWARE IN WINDOWS EVENT LOGS
2022-05-09 18:40:00       Slashdot
Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. BleepingComputer reports: The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible. [...] The dropper copies the legitimate OS error handling file [...] and then drops an encrypted binary resource to the "wer.dll" (Windows Error Reporting) in the same location, for DLL search order hijacking to load malicious code. DLL hijacking is a hacking technique that exploits legitimate programs with insufficient checks to load into memory a malicious Dynamic Link Library (DLL) from an arbitrary path. [Denis Legezo, lead security researcher at Kaspersky] says that the dropper's purpose is to place the loader on the disk for the side-loading process and to look for particular records in the event logs (category 0x4142 - "AB" in ASCII). If no such record is found, it writes 8KB chunks of encrypted shellcode, which are later combined to form the code for the next stager. "The dropped wer.dll is a loader and wouldn't do any harm without the shellcode hidden in Windows event logs," says Legezo. The new technique analyzed by Kaspersky is likely on its way to becoming more popular as Soumyadeep Basu, currently an intern for Mandiant's red team, has created and published on GitHub source code for injecting payloads into Windows event logs.

PCWORLD: SIX MONTHS SINCE RELEASE, WINDOWS 11 STILL 'UNNECESSARY'
2022-05-03 12:40:00       Slashdot
UnknowingFool writes: In October 2021, PC World reviewed Windows 11 and labeled it as an "unnecessary replacement" to Windows 10 and did not recommend it for Windows 10 users. PC World noted that it was a "mixed bag of improved features and unnecessary changes." Six months later they reviewed it again. While MS has made improvements, PC World does not feel the improvements warrant a recommendation for Windows 10 users to upgrade.

MICROSOFT EDGE IS GETTING A BUILT-IN VPN POWERED BY CLOUDFLARE
2022-04-29 09:00:00       Slashdot
An anonymous reader quotes a report from XDA Developers: Microsoft is testing a VPN-like service for its Edge browser, adding a new layer of security and privacy to the browsing experience. A recently-discovered support page on Microsoft's website details the "Microsoft Edge Secure Network" feature, which provides data encryption and prevents online tracking, courtesy of Cloudflare. While it isn't available yet, even if you have the latest Dev channel build, the Microsoft Edge Secure Network feature appears to be similar in nature to Cloudflare's 1.1.1.1 service. This is essentially a proxy or VPN service, which encrypts your browsing data so that it's safe from prying eyes, including your ISP. It also keeps your location private, so you can use it to access geo-restricted websites, or content that's blocked in your country. Microsoft Edge's Secure Network mode will require you to be signed into your Microsoft account, and that's because the browser keeps track of how much data you've used in this mode. You get 1GB of free data per month, and that's tied to your Microsoft account. Most VPN services aren't free, so this shouldn't come as a surprise. Cloudflare itself doesn't keep any personally-identifiable user data, and any data related to browsing sessions is deleted every 25 hours. Information related to your data usage is also deleted at the end of each monthly period.

MICROSOFT FIXES POINT OF SALE BUG THAT DELAYED WINDOWS 11 STARTUP FOR 40 MINUTES
2022-04-28 06:00:00       Slashdot
"The Register reports Microsoft fixed a Point of Sale bug that delayed Windows 11 startup for 40 minutes," writes Slashdot reader ellithligraw. "So much for the express lane at check-out." From the report: A fresh Windows 11 patch slipped out overnight as an optional update, but contains an impressively long list of fixes for Microsoft's flagship operating system. One bug addressed in KB5012643 could leave Point of Sale terminals hanging for up to 40 minutes during startup. Microsoft stated, "We fixed an issue that delays OS startup by approximately 40 minutes." "Microsoft described the fixes as 'improvements' [and chose to highlight the fact that temperature would now be displayed on top of the weather icon on the taskbar]," added Slashdot reader ellithligraw. "[Y]eah, Windows 11 is great as a PoS."

IS MICROSOFT REALLY GOING TO CUT OFF SECURITY UPDATES FOR MY 'UNSUPPORTED' WINDOWS 11 PC? [ASK ZDNET]
2022-04-22 08:00:02       ZDNet
Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer. This week: Decoding Microsoft's confusing update policies, finding advanced 2FA options, and getting Google Fiber into your apartment building.

MICROSOFT IS DISABLING SMB1 FILE-SHARING PROTOCOL IN WINDOWS 11 HOME
2022-04-21 20:01:00       Slashdot
joshuark shares a report: Microsoft's Windows 10 operating system already disables by default SMB (Server Message Block) version 1, the 30-year-old file-sharing protocol. Now the company is doing the same with Windows 11 Home Dev Channel test builds, announced officials on April 19. SMB1 is considered outdated and not secure. However, some users with very old equipment may be in for a surprise if their Windows 11 laptops can't connect to an old networked hard drive, as officials said in a blog post about the SMB1 phase out plan. "There is no edition of Windows 11 Insider that has any part of SMB1 enabled by default anymore. At the next major release of Windows 11, that will be the default behavior as well," said Ned Pyle, Principal Program Manager. "Like always, this doesn't affect in-place upgrades of machines where you were already using SMB1. SMB1 is not gone here, an admin can still intentionally reinstall it," Pyle added.

IS WINDOWS 11 LESS POPULAR THAN WINDOWS XP?
2022-04-17 03:54:00       Slashdot
"A new survey claims Windows 11 adoption is so low it's actually less popular than the 20-year-old Windows XP," reports PC Magazine: The survey comes from an IT management provider called Lansweeper. Through its own software products, the company scanned 10 million Windows devices this month to determine which OS they were using. The results found that only 1.44% of the devices had Windows 11 installed, which is lower than the 1.71% for Windows XP. In contrast, Windows 10 maintains a dominant share at 80.34%. Although Windows 11's adoption is low at 1.44%, the number actually went up almost three times from 0.52% back in January. It's also important to note that other surveys have found much higher Windows 11 adoption numbers. Last month, the app advertising platform AdDuplex found Windows 11 usage was at 19.4%, although this represented a mere 0.1% growth from the previous month. Meanwhile, the Steam hardware survey from Valve estimates Windows 11 usage has reached 16.8%.

WHY GAMERS ARE ADOPTING WINDOWS 11 MORE SLOWLY THAN WINDOWS 10
2022-04-15 09:00:00       Slashdot
Ars Technica's Andrew Cunningham combed through Steam Hardware & Software Survey data "to see how Windows 11 is faring with enthusiasts." An anonymous reader shares an excerpt from the report: Steam users are migrating to Windows 11 about half as quickly as they moved to Windows 10. Six months after its release, Windows 10 ran on 31 percent of all Steam computers -- nearly one in three. As of March 2022, Windows 11 runs on just under 17 percent of Steam computers -- about one in six. Three-quarters of all Steam computers in 2022 are still running Windows 10. It's easy to interpret these results as an indictment of Windows 11, which generated some controversy with its relatively stringent (and often poorly explained) security-oriented system requirements. At least some of this slow adoption is caused by those system requirements -- many of the PCs surveyed by Steam probably can't install Windows 11. That could be because users have an older unsupported CPU or have one or more of the required security features disabled; Secure Boot and the firmware TPM module were often turned off by default on new motherboards for many years. But there are other compelling explanations. Windows 11's adoption looks slow compared to Windows 10, but Windows 10's adoption was also exceptionally good. Windows 8 and 8.1 were not well-loved, to put it mildly, and Windows 10 was framed as a response to (and a fix for) most of Windows 8's user interface changes. And people who were still on Windows 7 were missing out on some of the nice quality-of-life additions and under-the-hood improvements that Windows 8 added. You can see that pent-up demand in the jump between July 2015 and September 2015. In the first two months of Windows 10's availability, Windows 8 hemorrhaged users, falling from around 35 percent usage to 19 percent. Virtually all of those users -- and a smaller but still notable chunk of Windows 7 users -- were moving to Windows 10.
Windows 11 also got a decent early adopter bump in November 2021, but its gains every other month were much smaller. In contrast, Windows 11 was announced with little run-up, and it was replacing what users had been told was the "last version of Windows." Where Windows 10 replaced one new, unloved OS and one well-liked but aging OS, Windows 11 replaced a modern OS that nobody really complained about (Windows 10 ran on over 90 percent of all Steam computers in September 2021 -- even Windows 7 in its heyday couldn't boast that kind of adoption). It's also worth noting that Microsoft didn't try to re-create that initial burst of adoption for Windows 11. Following some turbulence after early Windows 10 servicing updates, Microsoft began rolling updates out more methodically, starting with small numbers of PCs and then expanding availability gradually as problems were discovered and ironed out. Windows 11 only entered "its final phase of availability" in February, ensuring that anyone with a compatible PC could get Windows 11 through Windows Update if they wanted it.

MICROSOFT DETAILS HOW CHINA-LINKED CREW'S MALWARE HIDES SCHEDULED WINDOWS TASKS
2022-04-14 07:45:14       The Register
All so that it can maintain backdoor access across reboots. The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots.

MICROSOFT: MOVING WINDOWS 11 TASKBAR MAY NEVER BE AN OPTION AGAIN
2022-04-11 19:20:00       Slashdot
If you are waiting for Windows 11 side-taskbar support before upgrading to the latest operating system, you may be waiting for a long time, according to a recent Microsoft Ask Me Anything (AMA) session. BleepingComputer reports: As first reported by Neowin, in a recent Microsoft Ask Me Anything (AMA) session, a user asked whether Microsoft would be bringing back the ability to move the sidebar to the sides. The response was not very promising, with Tali Roth, Microsoft's Head of Product, explaining that a small amount of Windows users use the feature and that it is unsure whether the feature will ever be brought back: "When it comes to something like actually being able to move the taskbar to different locations on the screen, there's a number of challenges with that. When you think about having the taskbar on the right or the left, all of a sudden the reflow and the work that all of the apps have to do to be able to understand the environment is just huge. And when you look at the data, while we know there is a set of people that love it that way and, like, really appreciate it, we also recognize that this set of users is really small compared to the set of other folks that are asking for other features. So at the moment we are continuing to focus on things that I hear more pain around. It is one of those things that we are still continuing to look at, and we will keep looking to feedback, but at the moment we do not have a plan or a set date for when we would, or if we would, actually build the side taskbar." You can watch the entire discussion about this feature on YouTube.

NEW WINDOWS 11 SECURITY FEATURE WILL REQUIRE A PC RESET
2022-04-08 14:45:00       Slashdot
Microsoft has rolled out a new security feature called Smart App Control with Windows 11. From a report: "Smart App Control is a major enhancement to the Windows 11 security model that prevents users from running malicious applications on Windows devices that default blocks untrusted or unsigned applications," Microsoft vice president David Weston explains. "It goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud. Model inference occurs 24 hours a day on the latest threat intelligence that provides trillions of signals." Smart App Control is interesting because it will be enabled by default on new Windows PCs in the future. But if you upgrade to whatever version of Windows 11 that enables this feature on an existing install, you will have to use Reset this PC to reset Windows 11 and clean install it. That is, I believe, unprecedented.

MICROSOFT: HERE ARE THE KEY WINDOWS 11 SECURITY UPGRADES COMING YOUR WAY
2022-04-06 07:33:00       ZDNet
Microsoft has detailed a number of security upgrades coming to Windows 11, from the chip to the cloud.

MICROSOFT IS FINALLY MAKING IT EASIER TO SWITCH DEFAULT BROWSERS IN WINDOWS 11
2022-03-29 13:35:00       Slashdot
Microsoft is finally making it easier to change your default browser in Windows 11. A new update (KB5011563) has started rolling out this week that allows Windows 11 users to change the default browser with a single click. After testing the changes in December, this new one-click method is rolling out to all Windows 11 users. From a report: Originally, Windows 11 shipped without a simple button to switch default browsers that was always available in Windows 10. Instead, Microsoft forced Windows 11 users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, or you had to tick a checkbox that only appeared when you clicked a link from outside a browser. Microsoft defended its decision to make switching defaults harder, but rival browser makers like Mozilla, Brave, and even Google's head of Chrome criticized Microsoft's approach.

MICROSOFT IS ADDING A NEW DRIVER-BLOCKLIST FEATURE TO WINDOWS DEFENDER ON WINDOWS 10 AND 11
2022-03-28 13:24:00       ZDNet
Microsoft is adding a new security option to Windows Defender that is meant to help protect against malicious drivers on Windows 10 and 11 devices.

WINDOWS 11 GETS A DESKTOP WATERMARK ON UNSUPPORTED HARDWARE
2022-03-21 11:23:00       Slashdot
Microsoft is pushing ahead with plans to warn Windows 11 users that have installed the operating system on unsupported hardware. In a new update to Windows 11, a watermark has appeared on the desktop wallpaper for unsupported systems, alongside a similar warning in the landing page of the settings app. From a report: Microsoft had been testing these changes last month, but they're now rolling out to Release Preview just ahead of a full release to all Windows 11 users in the coming days. While Microsoft doesn't mention the addition of a watermark in its "improvements" list for this update, testers have noticed it's included. If Windows 11 is running on unsupported hardware, a new desktop watermark will state "System requirements not met. Go to settings to learn more." It's similar, but far less prominent, to the semi-transparent watermark that appears in Windows if you haven't activated the OS.

MICROSOFT'S LATEST WINDOWS PATCHES FIX THE BUG CAUSING USER DATA NOT TO BE ERASED
2022-03-08 17:34:00       ZDNet
Microsoft is rolling out a fix for the Windows reset bug discovered a few weeks ago as part of its Windows 10 and 11 Patch Tuesday updates.

MOZILLA FIXES FIREFOX ZERO-DAYS EXPLOITED IN THE WILD
2022-03-07 05:46:20       Net-Security
Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited by attackers in the wild. About the vulnerabilities (CVE-2022-26485, CVE-2022-26486): The two patched zero-days are both memory corruption bugs of the "use-after-free" kind, meaning that they may allow attackers to use memory that has been freed by the program. CVE-2022-26485 affects XSLT parameter processing and can be used to achieve remote code execution within the …

NEW WINDOWS 11 TEST BUILD WANTS YOUR CREDIT CARD INFO
2022-03-03 05:00:00       Slashdot
Microsoft's latest Windows 11 test build is another substantial one, adding two important features: payment information, and a new security feature called Smart App Control that will watch over new apps and games that you add to your PC. PCWorld reports: Microsoft released Windows 11 Insider Preview Build 22567 for the Dev Channel on Wednesday with other changes, too -- including a tweak to Windows Update, so that now you can configure your PC to turn on an update when renewable energy is at its most plentiful. (Remember, code that Microsoft tests within the Dev Channel may make its way to your PC eventually -- or not.) Asking for credit-card information within Windows isn't that startling, as you've probably already entered payment information into the Microsoft ecosystem either for buying apps or movies on the Microsoft Store app or for making similar purchases via your Xbox. Still, those transactions are normally performed via your Microsoft Account web page, which manages all of that online and behind the scenes. (You can reach them via the Windows 11 Settings > Accounts > Your Microsoft account.) Microsoft considers the additional credit-card info as part of the subscription option it added last month. Now, if your subscription risks falling through because of an expired credit card, Microsoft will alert you. Conceptually, however, it implies that your PC is as much a tool to make purchases as it is to simply work and game. Another interesting addition is what Microsoft calls Smart App Control, or SAC. Microsoft describes it as a "new security feature for Windows 11 that blocks untrusted or potentially dangerous applications." What those applications are, apparently, is up to Microsoft. And yes, there's always a concern that SAC would flag otherwise innocuous applications that it simply hasn't seen before. But Microsoft is gently easing SAC onto your PC. For one thing, you'll need to perform a clean install to enable it.
For another, SAC won't immediately insert itself. Other tweaks and changes include the ability to have Windows update your PC when clean energy is more commonly available (via Microsoft's partners electricityMap or WattTime) and better integration between your Android phone and PC via Windows 11 OOBE (Out of the Box Experience). Additionally, "Microsoft now offers wider availability of speech packs to improve transcription, the ability to choose a mic for dictation/ transcription, and the ability to mute your speakers by simply clicking the volume icon in the hardware indicator for volume," reports PCWorld.

WINDOWS 10 AND 11 21H2 DATA WIPING TOOL LEAVES USER DATA ON DISK
2022-02-22 17:40:00       Slashdot
Microsoft MVP Rudy Ooms has discovered that the built-in Windows data wiping functions leave user data behind in the latest versions of Windows 10 and Windows 11. "This error applies to both local and remote wiping of PCs running Windows 10 version 21H2 and Windows 11 version 21H2," reports Tom's Hardware. From the report: Ooms first discovered that there were problems with the disk wipe functionality provided by Microsoft when doing a remote wipe via Microsoft Intune system management. However, he has tested several Windows versions and both local and remote wiping over the weekend to compile the following summary table [embedded in the article]. At the bottom of the table you can see that both Wipe and Fresh Start options appear to work as expected in Windows 10 and 11 version 21H1, but are ineffectual in versions 21H2. Ooms installed and tested these four OSes, with local and remote wipe operations, then checked the results. The most common issue was the leaving behind of user data in a folder called Windows.old on the "wiped" or "fresh start" disk. This is despite Microsoft warning users ahead of the action that "This removes all personal and company data and settings from this device." In his blog post, Ooms notes that some users might feel assured that their personal data was always stored on a Bitlocker drive. However, when a device is wiped, Bitlocker is removed, and he discovered that the Windows.old folder contained previously encrypted data, now non-encrypted. It was also noted that OneDrive files, which had been marked as "Always Keep on this device" in Windows previously, remained in Windows.old too. Ooms has kindly put together a PowerShell Script to fix this security blunder by Microsoft. One needs to run the script ahead of wiping/resetting your old device. Hopefully Microsoft will step up and fix this faulty behavior in the coming weeks, so you don't need to remember to run third party scripts.

WINDOWS 11 PRO NOW REQUIRES MICROSOFT ACCOUNT AND INTERNET DURING SETUP
2022-02-17 19:02:00       Slashdot
An anonymous reader quotes a report from Ars Technica: Now that Windows 11's first major post-release update has been issued, Microsoft has started testing a huge collection of new features, UI changes, and redesigned apps in the latest Windows Insider preview for Dev channel users. By and large, the changes are significant and useful -- there's an overhauled Task Manager, folders for pinned apps in the Start menu, the renewed ability to drag items into the Taskbar (as you could in Windows 10), improvements to the Do Not Disturb and Focus modes, new touchscreen gestures, and a long list of other fixes and enhancements. But tucked away toward the bottom of the changelog is one unwelcome addition: like the Home edition of Windows 11, the Pro version will now require an Internet connection and a Microsoft account during setup. In the current version of Windows 11, you could still create a local user account during setup by not connecting your PC to the Internet -- something that also worked in the Home version of Windows 10 but was removed in 11. That workaround will no longer be available in either edition going forward, barring a change in Microsoft's plans. While most devices do require a sign-in to fully enable app stores, cloud storage, and cross-device sharing and syncing, Windows 11 will soon stand alone as the only major consumer OS that requires account sign-in to enable even basic functionality.

FIREFOX AND CHROME VERSIONS '100' MAY BREAK SOME WEBSITES
2022-02-17 09:41:00       Slashdot
As both the Chrome and Firefox browsers approach their 100th versions, what should be a reason for the developers to celebrate could turn into a bit of a mess. From a report: It turns out that much like the Y2K bug, the triple-digit release numbers coded in the browsers' User-Agents (UAs) could cause issues with a small number of sites, Bleeping Computer reported. Mozilla launched an experiment last year to see if version number 100 would affect sites, and it just released a blogpost with the results. It did affect a small number of sites (some very big ones, though) that couldn't parse a user-agent string containing a three-digit number. Notable ones still affected included HBO Go, Bethesda and Yahoo, according to a tracking site. The bugs include "browser not supported" messages, site rendering issues, parsing failures, 403 errors and so on.

WINDOWS 11'S FIRST BIG UPDATE ARRIVES WITH ANDROID APPS AND TASKBAR CHANGES
2022-02-15 12:22:00       Slashdot
Microsoft is releasing its first big update to Windows 11 today, and it includes a lot of new additions. From a report: A public preview of Android apps on Windows 11 will be available today in the US, alongside redesigned Notepad and Media Player apps. The first big Windows 11 update will also include a bunch of improvements to the taskbar. The public preview of Android apps on Windows 11 will allow users to install apps from Amazon's Appstore. The Verge points to workarounds to get Google Play Store running on Windows 11 unofficially. Back to more changes: The biggest changes in this Windows 11 update are related to the taskbar. The time and date will finally be available on multiple monitors in Windows 11, something that was missing at launch. The weather widget also returns to the taskbar in this update, and a new mute / unmute feature in the taskbar will be available for Microsoft Teams calls. You'll also be able to quickly screen share a specific app or window from the taskbar directly into a Microsoft Teams call. Microsoft has also redesigned the Media Player and Notepad apps for Windows 11. Notepad now includes multi-step undo, an improved search interface, and dark mode support. The new Media Player app is designed to replace Groove Music and Windows Media Player and includes support for both audio and video and a design that better matches Windows 11's UI improvements.

MICROSOFT DEFENDER WILL SOON BLOCK WINDOWS PASSWORD THEFT
2022-02-14 19:50:00       Slashdot
Microsoft is enabling a Microsoft Defender "Attack Surface Reduction" security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. BleepingComputer reports: When threat actors compromise a network, they attempt to spread laterally to other devices by stealing credentials or using exploits. One of the most common methods to steal Windows credentials is to gain admin privileges on a compromised device and then dump the memory of the Local Security Authority Server Service (LSASS) process running in Windows. This memory dump contains NTLM hashes of Windows credentials of users who had logged into the computer that can be brute-forced for clear-text passwords or used in Pass-the-Hash attacks to login into other devices. While Microsoft Defender blocks programs like Mimikatz, a LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked. To prevent threat actors from abusing LSASS memory dumps, Microsoft has introduced security features that prevent access to the LSASS process. One of these security features is Credential Guard, which isolates the LSASS process in a virtualized container that prevents other processes from accessing it. However, this feature can lead to conflicts with drivers or applications, causing some organizations not to enable it. As a way to mitigate Windows credential theft without causing the conflicts introduced by Credential Guard, Microsoft will soon be enabling a Microsoft Defender Attack Surface Reduction (ASR) rule by default. The rule, "Block credential stealing from the Windows local security authority subsystem," prevents processes from opening the LSASS process and dumping its memory, even if it has administrative privileges. While enabling the ASR rule by default will significantly impact the stealing of Windows credentials, it is not a silver bullet by any means.
This is because the full Attack Surface Reduction feature is only supported on Windows Enterprise licenses running Microsoft Defender as the primary antivirus. However, BleepingComputer's tests show that the LSASS ASR rule also works on Windows 10 and Windows 11 Pro clients. Unfortunately, once another antivirus solution is installed, ASR is immediately disabled on the device. Furthermore, security researchers have discovered built-in Microsoft Defender exclusion paths allowing threat actors to run their tools from those filenames/directories to bypass the ASR rules and continue to dump the LSASS process. Mimikatz developer Benjamin Delpy told BleepingComputer that Microsoft probably added these built-in exclusions for another rule, but as exclusions affect ALL rules, it bypasses the LSASS restriction.

BEWARE FAKE WINDOWS 11 UPGRADE INSTALLERS BRINGING REDLINE MALWARE
2022-02-12 10:34:00       Slashdot
Slashdot reader joshuark writes: Beware fake Windows 11 upgrades install RedLine malware, reports Bleeping Computer. "Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware." Bleeping Computer advises, "...these dangerous sites are promoted via forum and social media posts or instant messages, so don't trust anything but the official Windows upgrade system alerts." Bleeping Computer points out that hardware incompatibilities rule out upgrades for many Windows 10 users from official distribution channels - "something that malware operators see as an excellent opportunity for finding new victims." The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success. RedLine stealer is currently the most widely deployed password, browser cookies, credit card, and cryptocurrency wallet info grabber, so its infections can have dire consequences for the victims. According to researchers at HP, who have spotted this campaign, the actors used the seemingly legitimate "windows-upgraded.com" domain for the malware distribution part of their campaign. The site appears like a genuine Microsoft site and, if the visitor clicked on the "Download Now" button, they received a 1.5 MB ZIP archive named "Windows11InstallationAssistant.zip," fetched directly from a Discord CDN... Although the distribution site is down now, nothing stops the actors from setting up a new domain and restarting their campaign. In fact, this is very likely already happening in the wild.

HIDING WINDOWS 11'S TEAMS ICON DOESN'T JUST SAVE TASKBAR SPACE -- IT ALSO SAVES RAM
2022-02-01 22:30:00       Slashdot
An anonymous reader quotes a report from Ars Technica: Plenty of apps that you install on your computer have a setting that tells them to launch when you initially log in to save you the trouble of launching your most commonly used apps yourself. Leaving this setting on can also allow apps to check for updates or launch more quickly when you start them for the first time. The difference for some of the preinstalled Microsoft apps in Windows 10 and 11 is that they use some of these resources by default, whether you actually use the apps or not. Developer and IT admin Michael Niehaus drew attention to some of these apps in recent blog posts examining the resource usage of Windows 11's widgets, Microsoft Teams, and Microsoft Edge in a fresh install of Windows 11 (the Edge observations apply to Windows 10, too). Both Widgets and Teams spawn a number of Microsoft Edge WebView2 processes in order to work -- WebView2 is a way to use Edge and its rendering engine without launching Edge or using its user interface. Collectively, these processes use a few hundred megabytes of memory to work. The widget-related processes don't start unless you actually click the widgets button, though they remain in the background afterward, even if you're not actively viewing your widgets. But the Teams processes all launch automatically, whether you actually use Teams or not. Uninstalling Teams will prevent this from happening, but Niehaus points out that simply removing the Teams icon from Windows 11's Taskbar in the Taskbar settings is enough to keep these WebView2 processes from launching when you log in. Ars Technica's Andrew Cunningham also recommends disabling System Boost in the Edge settings if you don't use it as your default browser. Otherwise, it too will use a couple hundred megabytes of memory.

MICROSOFT MOVES MORE SETTINGS AWAY FROM THE CONTROL PANEL ON WINDOWS 11
2021-12-17 09:41:00       Slashdot
An anonymous reader shares a report: Microsoft started shifting options from the Control Panel to the Settings app in Windows 8. The company has gradually moved settings away from the Control Panel since then. Quite a few options migrated over with the rollout of Windows 11, but a recent Insider build of Windows 11 moved a small handful of settings to the Settings app. Microsoft outlined the changes in the release notes of Windows 11 build 22509, which came out on December 1, 2021. The moves garnered attention from several outlets over the last week: 1. We have moved the advanced sharing settings (such as Network discovery, File and printer sharing, and public folder sharing) to a new page in Settings app under Advanced Network Settings. 2. We've made some updates to the device specific pages under Printers & Scanners in Settings to show more information about your printer or scanner directly in Settings when available. 3. Some of the entry points for network and devices settings in Control Panel will now redirect to the corresponding pages in Settings.

FIREFOX FIXES PASSWORD LEAK VIA WINDOWS CLOUD CLIPBOARD FEATURE
2021-12-16 16:25:00       Slashdot
Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password. From a report: The issue was fixed in Firefox 94, released last month, but was detailed in more depth this week by Mozilla developers. At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 in September 2018 (v1809 release), a feature that allows users to sync their local clipboard history to their Microsoft accounts. The feature is disabled by default, but once enabled, it allows users to access the cloud clipboard section by pressing the Windows+V shortcut. This grants users access to clipboard data from all devices, but the feature is also used for its clipboard history capabilities, allowing users to go through past items they copied or cut and re-paste the same data in new contexts, making it extremely useful for most IT workers. In a blog post on Wednesday, Mozilla said that they have now modified the Firefox browser so that usernames and passwords copied from the browser's password section (about:logins) won't be stored in the Windows Cloud Clipboard feature, but instead will be stored only locally, in a separate clipboard section.

MICROSOFT TO MAKE WINDOWS TERMINAL THE DEFAULT WINDOWS 11 COMMAND LINE EXPERIENCE
2021-12-15 11:02:00       Slashdot
Microsoft is planning to make its Windows Terminal the default command line experience in Windows 11 next year. From a report: While Windows 11 currently supports setting Windows Terminal as default, the default terminal emulator has always been the Windows Console Host. Microsoft hasn't ever officially supported replacing this console host, meaning that command prompt and PowerShell always open in Windows Console Host. "Over the course of 2022, we are planning to make Windows Terminal the default experience on Windows 11 devices," explains Kayla Cinnamon, a program manager for Windows Terminal at Microsoft. "We will start with the Windows Insider Program and start moving through rings until we reach everyone on Windows 11."

MOZILLA PATCHES HIGH-SEVERITY VULNERABILITIES IN FIREFOX, THUNDERBIRD
2021-12-09 09:45:45       Security Week
Mozilla this week released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities, including several bugs rated high severity.

MICROSOFT BACKTRACKS ON WINDOWS 11'S CONTROVERSIAL DEFAULT BROWSER CHANGES
2021-12-03 10:21:00       Slashdot
Microsoft is backtracking on changes it made to Windows 11 that made it more difficult to switch default browsers. From a report: A new test build of Windows 11 now allows users of Chrome, Firefox, and other browsers to set a default browser with a single button, which is a far simpler process. Rafael Rivera, developer of the excellent EarTrumpet Windows app, discovered the new Windows 11 changes earlier this week. Instead of having to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, Windows 11 now offers a simple button that lets people switch default browsers in a similar way to Windows 10. Microsoft has confirmed the changes are intentional and are currently being tested. "In the Windows 11 Insider Preview Build 22509 released to the Dev Channel on Wednesday, we streamlined the ability for a Windows Insider to set the 'default browser' to apps that register for HTTP:, HTTPS:, .HTM, and .HTML," explains Aaron Woodman, vice president of Windows marketing, in a statement to The Verge. "Through the Windows Insider Program you will continue to see us try new things based on customer feedback and testing."

MICROSOFT'S NEW WINDOWS PROMPTS TRY TO STOP PEOPLE DOWNLOADING CHROME
2021-12-02 09:41:00       Slashdot
Microsoft has never been a fan of Windows users downloading Chrome instead of using Edge, but the company has now stepped up its campaign to keep people using its built-in browser. From a report: Windows 10 and Windows 11 have both started displaying new prompts when people navigate to the Chrome download page, in an effort to discourage people from installing Google's rival browser. These new prompts, spotted by Neowin, include messages like: "Microsoft Edge runs on the same technology as Chrome, with the added trust of Microsoft." "That browser is so 2008! Do you know what's new? Microsoft Edge." "'I hate saving money,' said no one ever. Microsoft Edge is the best browser for online shopping."

NEW WINDOWS ZERO-DAY WITH PUBLIC EXPLOIT LETS YOU BECOME AN ADMIN
2021-11-23 19:45:00       Slashdot
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. BleepingComputer reports: As part of the November 2021 Patch Tuesday, Microsoft fixed a "Windows Installer Elevation of Privilege Vulnerability" vulnerability tracked as CVE-2021-41379. This vulnerability was discovered by security researcher Abdelhamid Naceri, who found a bypass to the patch and a more powerful new zero-day privilege elevation vulnerability after examining Microsoft's fix. Yesterday, Naceri published a working proof-of-concept exploit for the new zero-day on GitHub, explaining that it works on all supported versions of Windows. "This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass," explains Naceri in his writeup. "I have chosen to actually drop this variant as it is more powerful than the original one." Furthermore, Naceri explained that while it is possible to configure group policies to prevent "Standard" users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway. BleepingComputer tested Naceri's "InstallerFileTakeOver" exploit, and it only took a few seconds to gain SYSTEM privileges from a test account with "Standard" privileges, as demonstrated in [this video]. When BleepingComputer asked Naceri why he publicly disclosed the zero-day vulnerability, we were told he did it out of frustration over Microsoft's decreasing payouts in their bug bounty program. A Microsoft spokesperson said in a statement: "We are aware of the disclosure and will do what is necessary to keep our customers safe and protected.
An attacker using the methods described must already have access and the ability to run code on a target victim's machine." Naceri recommends users wait for Microsoft to release a security patch, as attempting to patch the binary will likely break the installer.

IS MICROSOFT STEALING PEOPLE'S BOOKMARKS?
2021-11-17 15:05:00       Slashdot
Z00L00K writes: From Schneier on Security: I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it's too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it? (Not that "user error" is a good justification. Any system where making a simple mistake means that you've forever lost your privacy isn't a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click "okay" once.) EDITED TO ADD: It's actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled. Also from one comment: Ted November 17, 2021 8:29 AM It looks like Microsoft released some documentation on "Microsoft Edge -- Policies" for Enterprise on 11-9-21. It is only a 472 minute read, but there is some info on Forced Synching, for example: ForceSync Force synchronization of browser data and do not show the sync consent prompt https://docs.microsoft.com/en-...

MICROSOFT WILL CONTINUE SUPPORTING WINDOWS 10 WITH YEARLY FEATURE UPDATES
2021-11-16 20:25:00       Slashdot
Along with the release of Windows 10's November 2021 update, Microsoft announced that it will no longer provide Windows 10 updates twice per year. Instead, it's switching to a once-per-year schedule. As Ars Technica notes, "This is meant to sync Windows 10's update schedule with Windows 11's, which is also going to receive major feature updates once per year." From the report: Microsoft hasn't committed to the number of yearly updates it will provide for Windows 10, but the company will support "at least one version" of the OS until update support ends in October of 2025. Microsoft is promising 18 months of support for Windows 10 21H2, so it seems safe to assume that we'll at least see 22H2 and 23H2 releases for Windows 10. For businesses using Windows 10 Enterprise, version 21H2 is also a Long-Term Servicing Channel (LTSC) update and will receive update support for five years instead of 18 months. While more Windows 10 updates will be welcome news for anyone who isn't ready to move to Windows 11 or whose hardware doesn't support the new OS, it's not clear what "feature updates" will entail for an operating system that has been replaced.