Security News
Microsoft has confirmed that Windows Update won't offer optional updates in December, with the software giant only focusing on security updates due to the holiday season. That means Windows 10 and all supported versions of Windows 11, including Server versions, and even Windows 8, won't get additional updates this month.
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP!
An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned.
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers
It's December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw exploited by attackers to deliver a variety of malware.
Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability. "After installing updates released September 20, 2022 or later, taskbar elements might flicker and cause system instability," Microsoft said in a new issue added to the Windows health dashboard on Friday.
Microsoft announced today that a future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. "The out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated," Redmond said on Friday.
A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. "Our analysis of the DDoS botnet revealed functionalities specifically designed to target private Minecraft Java servers using crafted packets, most likely as a service sold on forums or darknet sites," explains the new report by Microsoft.
Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts.
In August 2022, the commissioner sent Transparency Requests requiring seven service providers - Apple, Meta, WhatsApp, Microsoft, Snap, Skype, and anonymous chat service Omegle - to explain the tools, policies and processes they use to address child sexual exploitation and abuse material and actions. Among the findings assessing the orgs' responses, the commissioner found Microsoft isn't using the PhotoDNA image-detection technology it helped to develop and promotes as a tool "to stop the spread of online child sexual abuse photos."
Microsoft has addressed a known issue that made parts of the Task Manager unreadable after installing the KB5020044 November preview update on Windows 11 22H2 systems. As Redmond explained when confirming the issue two weeks ago, affected users see some user interface elements of the Task Manager displayed using unexpected colors that make them unreadable.
Microsoft has removed a compatibility hold after fixing lower-than-expected performance or stuttering in some games affecting some Windows 11, version 22H2 systems. Compatibility holds are added by Redmond based on diagnostic data and known issues to block Windows upgrades on affected devices.
Microsoft now has an advisory out that's blaming rogue partners. The problem with certified kernel drivers, of course, is that because they have to be signed by Microsoft, and because driver signing is compulsory on Windows, if you can get your kernel driver signed, you don't need hacks or vulnerabilities or exploits to be able to load one as part of a cyberattack.