Security News

Microsoft disables telemetry in Windows 11 Subsystem for Android by default
2022-05-20 18:20

Microsoft has updated the Windows Subsystem for Android in Windows 11 to make telemetry collection optional and announced an upgrade to Android 12.1. "To help us make Windows Subsystem for Android better and provide useful telemetry about Android app usage, please enable this setting in the Windows Subsystem for Android Settings app!".

Emergency Windows 10 updates fix Microsoft Store app issues
2022-05-20 15:21

Microsoft has released out-of-band updates on Thursday evening to address a newly acknowledged issue impacting Microsoft Store apps. This known issue affects devices running Windows 10 where users have installed the KB5011831 optional preview cumulative update or other updates released since April 25th. "After installing KB5011831 or later updates, you might receive an error code: 0xC002001B when attempting to install from the Microsoft Store," Microsoft explained on the Windows health dashboard.

Microsoft patches the patch that broke Windows authentication
2022-05-20 13:00

Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update. Multiple administrators complained last week that after installing the May 10 patch, they experienced authentication failures across several systems.

Microsoft Bing censors politically sensitive Chinese terms
2022-05-20 10:37

Microsoft search engine Bing censors terms deemed sensitive in China from its autosuggestion feature internationally, according to research from Citizen Lab. The University of Toronto research organization analyzed the search engine's autosuggestion system for censorship of nearly 100,000 names in the United States, Canada and China in both English letters and Chinese characters.

Microsoft emergency updates fix Windows AD authentication issues
2022-05-19 21:41

Microsoft has released emergency out-of-band updates to address Active Directory authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers. "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server, Routing and Remote access Service, Radius, Extensible Authentication Protocol, and Protected Extensible Authentication Protocol," Microsoft explained.

Microsoft detects massive surge in Linux XorDDoS malware activity
2022-05-19 17:45

A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. XorDDoS is known for targeting a multitude of Linux system architectures, from ARM to x64, and compromising vulnerable ones in SSH brute-force attacks.

Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
2022-05-19 11:39

During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

Microsoft releases first ISO image for new Windows 11 Dev builds
2022-05-18 22:27

Microsoft has released the first ISO image for the new Windows 11 Preview builds in the Dev channel, allowing Windows Insiders to perform clean installs of the operating system. Last week, Microsoft again started offering different Windows 11 builds in the 'Dev' and 'Beta' channels, with the beta channel receiving Windows 11 build 22621 and the Dev channel receiving Windows 11 build 25115.

Microsoft warns of brute-force attacks targeting MSSQL servers
2022-05-18 13:27

Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server database servers using weak passwords. Similar attacks against MSSQL servers were reported in March when they were targeted to deploy Gh0stCringe remote access trojans.

Microsoft warns partners to revoke unused authorizations that drive your software
2022-05-18 09:45

Microsoft has advised its reseller community it needs to pay attention to the debut of improve security tooling aimed at making it harder for attackers to worm their way into your systems through partners. Microsoft reckons that users with regulatory requirements to only offer outsiders least-privileged access will appreciate GDAP. GDAP will become generally available "By early June 2022" according to a Microsoft notice for partners.