Security News

Critical Microsoft vulnerabilities decreased 47% in 2021.Overall vulnerabilities across all Microsoft products decreased five percent in 2021, according to the annual BeyondTrust Microsoft Vulnerabilities 2022 report.

Microsoft's Windows Hardware Compatibility Program has confirmed that Windows 11 22H2 build 22621 is the Released to Manufacturing build, meaning that the development of Window's 11 next feature update is ready for release. Microsoft confirmed the build in a new post by the Windows Hardware Compatibility Program, listing new policies and development kits for hardware developers creating drivers for Windows 11 22H2. This blog post lists the requirements and timeline for when developers can start submitting new drivers for Windows 11 22H2. As part of this information, Microsoft states that the minimum acceptable build for Windows 11 22H2 is the RTM build, 22621.

Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools.

Microsoft Defender vs Trellix: EDR software comparison We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. Microsoft Defender for Endpoint is an endpoint security tool that provides threat alerts and attack mitigation for phishing, malware and ransomware.

Microsoft has announced that Windows Subsystem for Linux distros are now supported on Windows Server 2022 after installing this week's cumulative update previews. To install the Windows Server 2022 KB5014021 update, you must go to Settings > Windows Update and manually 'Check for updates.

Microsoft has improved the account settings in the latest Windows 11 preview build, a settings page that now lists Office subscriptions linked to the user's Microsoft 365 account. The Windows Insider team started rolling out a new 'Your Microsoft account' settings page within Windows 11's Settings in October 2021.

Figures from the National Vulnerability Database of the US National Institute of Standards and Technology show last year broke all records for security vulnerabilities. Just 1,212 vulnerabilities were reported in Microsoft products last year, said BeyondTrust, a 5 percent drop on the previous year.

BeyondTrust announced the release of a report which includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend analysis, providing a holistic understanding of the evolving threat landscape. Microsoft groups vulnerabilities that apply to one or more of their products into the following main categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing.

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. "Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data," explains the Apple App Store page for the DuckDuckGo Privacy Browser.

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. Last year, Malwarebytes disclosed a campaign wherein malicious actors were observed delivering PHP-based web shells embedded within website favicons to load the skimmer code.