Security News

During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

Microsoft has released the first ISO image for the new Windows 11 Preview builds in the Dev channel, allowing Windows Insiders to perform clean installs of the operating system. Last week, Microsoft again started offering different Windows 11 builds in the 'Dev' and 'Beta' channels, with the beta channel receiving Windows 11 build 22621 and the Dev channel receiving Windows 11 build 25115.

Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server database servers using weak passwords. Similar attacks against MSSQL servers were reported in March when they were targeted to deploy Gh0stCringe remote access trojans.

Microsoft has advised its reseller community it needs to pay attention to the debut of improve security tooling aimed at making it harder for attackers to worm their way into your systems through partners. Microsoft reckons that users with regulatory requirements to only offer outsiders least-privileged access will appreciate GDAP. GDAP will become generally available "By early June 2022" according to a Microsoft notice for partners.

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. "Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets," Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report.

Microsoft has reminded customers today that Windows Server, version 20H2, will be reaching the end of service on August 9, 2022. In a support document published today, Microsoft says that Windows Server 20H2 will reach the mainstream support end date for Datacenter Core and Standard Core users.

Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection. The new mode is available in public preview and it enables admins to disable or change the tamper protection setting while diagnosing false-positive application blocks or performing performance troubleshooting.

In user tests of endpoint detection and response tools, CrowdStrike is generally considered to be easier to use and deploy than Microsoft Defender for Endpoint; however, Microsoft Defender is easily integrated into an existing Microsoft technology stack. Not only does Microsoft Defender fold neatly into the already existing Microsoft technology stack, but it provides best-in-class security alerting and attack mitigation.

Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server, Routing and Remote access Service, Radius, Extensible Authentication Protocol, and Protected Extensible Authentication Protocol," Microsoft reported.

Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. Quick Assist allows Windows 10 and Windows 11 users to receive or give assistance to other Windows users by taking control of their computer remotely, as we reported four years ago.