Security News > 2022 > February

Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.

Microsoft has released the optional KB5010414 cumulative update preview for Windows 11, with highly anticipated taskbar enhancements and fixes for 19 issues, including printing and driver problems. The cumulative update preview is part of Microsoft's scheduled February 2022 monthly "C" updates, making it possible for Windows 11 users to test the upcoming fixes released on March 8th as part of next month's Patch Tuesday.

Microsoft has released the optional KB5010415 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes a wide variety of bug fixes, including those for Microsoft Edge's Internet Explorer mode, printing, memory leaks, and more. The KB5010415 cumulative update preview is part of Microsoft's January 2022 monthly "C" update, allowing admins to test upcoming fixes to be released in the March 2022 Patch Tuesday.

The websites of the Ukrainian military and at least two of the nation's biggest banks were knocked offline in a cyberattack today. On social media, it reported "Technical works on restoration of regular functioning" are underway after it was "Probably attacked by DDoS: an excessive number of requests per second was recorded." Other military sites are also apparently suffering outages.

A distributed denial-of-service cyber-attack today took down Ukrainian defense military websites - and at least two of the nation's biggest banks were knocked offline, too. Ukraine's Ministry of Defense website is still unavailable at time of publication.

In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers. In other words, now matter how quickly you update against a zero-day once the patch is announced, you know that someone - and you have to hope that it wasn't you! - has already been attacked and pwned, even if they're accustomed to patching promptly themselves.

The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its "Website was probably attacked by DDoS: an excessive number of requests per second was recorded." "Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine," Ukraine's State Service for Special Communication and Information Protection added.

The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its "Website was probably attacked by DDoS: an excessive number of requests per second was recorded. Technical works on restoration of regular functioning are carried out." While the Ukrainian defense ministry site has been knocked out, Oschadbank's website is still accessible although customers cannot log in to their online banking accounts.

Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild. To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.

The public preview for the Android apps for Windows 11 is now live in the US, allowing users to run Android apps natively on the Windows desktop. The feature relies on a new platform called Windows Subsystem for Android that runs Android apps in a virtual machine to provide compatibility with the Android Open Source Project and hardware input devices.