Security News

Microsoft has confirmed a new known issue impacting Windows 11 customers and triggering to blue screens of death on affected systems. The new issue is caused by compatibility issues between Intel Smart Sound Technology audio drivers and Windows 11, version 21H2. Intel SST is an integrated audio DSP that works with the latest Intel Core and Intel Atom processors to handle audio, voice, and speech interactions.

Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device. This vulnerability, identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel Atom, Celeron, and Pentium chips that were made in the past few years.

A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. "[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access," according to Intel's advisory, issued last week.

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.

Researchers uncovered a vulnerability in Intel Processors that could affect laptops, cars and embedded systems. The flaw enables testing or debugging modes on multiple Intel processor lines, which could allow an unauthorized user with physical access to obtain enhanced privileges on the system.

AMD alone dropped 50 new CVEs on Thursday, 23 of them rated of "High" concern, meaning they're rated at between 7.0 and 8.9 on the the-point Common Vulnerability Scoring System. Let's start with the 27 flaws in the AMD Graphics Driver for Windows 10 - 18 of them rated High - because at least they're in software and Microsoft and Adobe's patch issuance cadence means readers could be in the mood to fix code.

New Zealand's Government Communications Security Bureau - the nation's signals intelligence and infosec agency - will retire its Waihopai satellite communications interception station because it's no longer needed. "The nature of telecommunications has changed, and other needs and capabilities have overtaken the sort of satellite communication interception that has been done at Waihopai," said Andrew Little, the minister responsible for the GCSB. "The GCSB's own statement on the matter reads"Changes in global telecommunications and information technology mean the interception of satellite communications from Waihopai has declined over the years to the point where dish use is now virtually obsolete.

The vulnerability was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called "SmashEx" that can corrupt private data housed in the enclave and break its integrity. Introduced with Intel's Skylake processors, SGX allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment, which is designed to be protected from processes running at higher privilege levels like the operating system.

Right after officially releasing Windows 11, Microsoft has added three know issues to the Windows 11 12H2 release health dashboard. Microsoft has released Windows 11 worldwide yesterday and is now rolling it out via Windows Update to new Windows 10 devices and those pre-loaded with Windows 11.

The U.S. government has entered a Deferred Prosecution Agreement with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. "These services included the provision of support, direction and supervision in the creation of sophisticated"Zero-click" computer hacking and intelligence gathering systems - i.e., one that could compromise a device without any action by the target" - the U.S. Department of Justice.