Security News

Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code could be used in cyberattacks. These moves come after eggheads at Google-owned Mandiant, SentinelOne, and Sophos told Microsoft in October that multiple cybercrime gangs were using malicious third-party-developed Microsoft-signed kernel-mode hardware drivers to help spread ransomware.

Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks. The attackers used malicious standalone JavaScript files to exploit the CVE-2022-44698 zero-day to bypass Mark-of-the-Web security warnings displayed by Windows to alert users that files originating from the Internet should be treated with caution.

Multiple editions of Windows 10 21H1 have reached their end of service on this month's Patch Tuesday, as Microsoft reminded customers yesterday. Since Windows 10 21H1 will no longer receive security updates, customers are advised to upgrade to the latest release as soon as possible to avoid exposing their systems to attacks exploiting unpatched security vulnerabilities.

Microsoft has addressed an LSASS memory leak issue on some domain controllers that led to freezes and restarts after installing Windows Server updates released during last month's Patch Tuesday. LSASS enforces Windows security policies and handles user logins.

Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. One notable aspect of these attacks was that the adversary had already obtained administrative privileges on compromised systems before using the drivers.

Microsoft says Windows Server updates released during December's Patch Tuesday will trigger errors when trying to create new virtual machines on some Hyper-V hosts. [...]

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited and another that's publicly known, bringing its total patched to 49 vulnerabilities, six of which are rated critical. "An attacker can craft a malicious file that would evade Mark of the Web defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging," Redmond explained in today's security update.

Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents. "Microsoft was informed that drivers certified by Microsoft's Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers," explains the advisory from Microsoft.

It's December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw exploited by attackers to deliver a variety of malware. "A threat actor can craft a malicious file that would evade Mark of the Web defenses, resulting in a limited loss of integrity and availability of security features, which rely on MOTW tagging - for example, 'Protected View' in Microsoft Office. This zero-day has a moderate CVSS risk score of 5.4, because it only helps to avoid the Microsoft Defender SmartScreen defense mechanism, which has no RCE or DoS functionality."