Security News

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a shift in how digital coins figure in cyberattacks. "Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets," Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report.

Microsoft has reminded customers today that Windows Server, version 20H2, will be reaching the end of service on August 9, 2022. In a support document published today, Microsoft says that Windows Server 20H2 will reach the mainstream support end date for Datacenter Core and Standard Core users.

Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection. The new mode is available in public preview and it enables admins to disable or change the tamper protection setting while diagnosing false-positive application blocks or performing performance troubleshooting.

In user tests of endpoint detection and response tools, CrowdStrike is generally considered easier to use and deploy than Microsoft Defender for Endpoint; however, Microsoft Defender integrates easily into an existing Microsoft technology stack. Beyond fitting neatly into that stack, it provides best-in-class security alerting and attack mitigation.

Microsoft is alerting customers that its May Patch Tuesday update is causing authentication errors and failures tied to Windows Active Directory Domain Services. "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server, Routing and Remote access Service, Radius, Extensible Authentication Protocol, and Protected Extensible Authentication Protocol," Microsoft reported.

Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. Quick Assist allows Windows 10 and Windows 11 users to receive or give assistance to other Windows users by taking control of their computer remotely, as we reported four years ago.

A recent security update for a Windows NTLM relay attack vulnerability has been confirmed to close a previously unpatched vector for the PetitPotam attack. While Microsoft did not share many details about the bug, it stated that the fix affected the EFS API OpenEncryptedFileRaw(A/W) function, which indicated that this might be another unpatched vector for the PetitPotam attack.

Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. "The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers" by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread. "These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947."

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. Microsoft says the known issue is only triggered after installing the updates on servers used as domain controllers.

Microsoft says multiple editions of Windows 10 20H2 and Windows 10 1909 reached their end of service on this month's Patch Tuesday, May 10, 2022. The announcement follows multiple reminders, including those issued this year in February and April, prompting customers to upgrade because Windows 10 20H2 reaches EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users.