Security News
In user tests of endpoint detection and response tools, CrowdStrike is generally considered to be easier to use and deploy than Microsoft Defender for Endpoint; however, Microsoft Defender is easily integrated into an existing Microsoft technology stack. Not only does Microsoft Defender fold neatly into the already existing Microsoft technology stack, but it provides best-in-class security alerting and attack mitigation.
Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server, Routing and Remote access Service, Radius, Extensible Authentication Protocol, and Protected Extensible Authentication Protocol," Microsoft reported.
Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. Quick Assist allows Windows 10 and Windows 11 users to receive or give assistance to other Windows users by taking control of their computer remotely, as we reported four years ago.
A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. While Microsoft did not share too many details about the bug, they stated that the fix affected the EFS API OpenEncryptedFileRaw(A/W) function, which indicated that this might be another unpatched vector for the PetitPotam attack.
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. "The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers" by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread. "These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947."
Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. Microsoft says the known issue is only triggered after installing the updates on servers used as domain controllers.
Microsoft says multiple editions of Windows 10 20H2 and Windows 10 1909 have reached their end of service on this month's Patch Tuesday, on May 10, 2022. This announcement comes after multiple reminders, including those issued this year in February and April, prompting customers to upgrade since Windows 10 20H2 will reach EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users.
Microsoft has revealed 73 new patches for May's monthly update of security fixes, including a patch for one flaw-a zero-day Windows LSA Spoofing Vulnerability rated as "Important"-that is currently being exploited with man-in-the-middle attacks. The software giant's monthly update of patches that comes out every second Tuesday of the month-known as Patch Tuesday-also included fixes for seven "Critical" flaws, 65 others rated as "Important," and one rated as "Low."
Microsoft has addressed a known issue causing apps using Direct3D 9 to experience problems after installing April 2022 cumulative updates, including crashes and errors on systems using certain GPUs. The problems affect systems running Windows 11 and Windows 10, where users have installed the KB5012643 and KB5011831 optional preview cumulative updates.
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. The researchers observed IceApple being deployed after the threat actor obtains initial access to the network belonging to organizations in various activity sectors: technology, academic, and government.