Security News

A months-long global operation led by Microsoft's Digital Crimes Unit has taken down dozens of domains used as command-and-control servers by the notorious ZLoader botnet. The court order obtained by Microsoft allowed it to sinkhole 65 hardcoded domains used by the ZLoader cybercrime gang to control the botnet and another 319 domains registered using the domain generation algorithm used to create fallback and backup communication channels.

Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed. While its severity score didn't rank as high as some on today's list - it received a 7.8 CVSS score aka "Important" - Microsoft stated its attack complexity low.

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw relates to an elevation of privilege vulnerability in the Windows Common Log File System.

Microsoft says Windows admins can now opt into automatic updates for. NET 6.0 to the Automatic Updates channel as a third option on top of Windows Server Update Services and Microsoft Update Catalog.

Microsoft has released patches for 128 security vulnerabilities for its April 2022 monthly scheduled update - ten of them rated critical. It's listed as a "Windows Common Log File System Driver Execution Vulnerability," and was reported to Microsoft by the National Security Agency.

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild and another for which there's already a PoC and a Metasploit module. CVE-2022-24521 is a vulnerability in the Windows Common Log File System Driver that was reported to Microsoft by the National Security Agency and Adam Podlosky and Amir Bazine of Crowdstrike.

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. [...]

Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks. "Further investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates 'hidden' scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification."

In a blog post outlining the actions, Microsoft reported attackers used the domains to target Ukrainian media organizations, government institutions and foreign policy think tanks based in the U.S. and Europe. "We obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks," said Tom Burt, corporate vice president of Customer Security and Trust at Microsoft.

If you are waiting for Windows 11 side-taskbar support before upgrading to the latest operating system, you may be waiting for a long time, according to a recent Microsoft Ask Me Anything session. When Windows was first released, the most controversial changes were the new centered Start Menu and the reduced functionality of the Windows taskbar.