Security News

Redmond shared a technical incident response write-up on Saturday - titled "Windows Security best practices for integrating and managing security tools" - in which veep for enterprise and OS security David Weston explained how Microsoft measured the impact of the disaster: By accessing crash reports shared by customers. Weston's post justifies how Windows performed, on the grounds that kernel-level drivers - like those employed by CrowdStrike - can improve performance and prevent tampering with security software.

Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike's faulty software update was almost certainly too low, and vowed to reduce infosec vendors' reliance on the kernel drivers at the heart of the issue. Redmond posted an incident response blog on Saturday - titled "Windows Security best practices for integrating and managing security tools" - in which veep for enterprise and OS security David Weston explained how Microsoft measured the impact of the incident: by accessing crash reports shared by customers.

Did the EU force Microsoft to let third parties like CrowdStrike run riot in the Windows kernel as a result of a 2009 undertaking? This is the implication being peddled by the Redmond-based cloud and software titan. As the tech industry deals with the fallout from the CrowdStrike incident, Microsoft is facing questions.

CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines. A second issue titled "System crashed at cshook network ops inet6 sockraw release+0x171a9" advised users "For assistance with troubleshooting potential issues with the falcon lsm serviceable kernel module provided from the CrowdStrike Falcon Sensor/Agent security software suite." Red Hat also advised that "Disabling the CrowdStrike Falcon Sensor/Agent software suite will mitigate the crashes and provide temporary stability to the system in question while the issue is investigated." The issue was "Observed but not limited to release 6 and 7.".

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer, according to new findings from ESET. The installer "Deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers' network traffic," ESET researcher Romain Dumont said in a technical analysis published today.

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. The security issue is tracked as CVE-2024-4610 and is a use-after-free vulnerability that impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence...

Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "Holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Avast claims Lazarus Group used the vulnerability to obtain read/write primitive on the Windows kernel and install their FudModule rootkit, but Microsoft's opinion on the severity of admin-to-kernel exploits meant it didn't prioritize the matter, waiting until February's patch Tuesday to fix the issue, which it tagged as CVE-2024-21338, with a CVSS score of 8/10. "Some Windows components and configurations are explicitly not intended to provide a robust security boundary," Microsoft states on its Security Servicing criteria page.