Security News

If you are waiting for Windows 11 side-taskbar support before upgrading to the latest operating system, you may be waiting for a long time, according to a recent Microsoft Ask Me Anything session. When Windows was first released, the most controversial changes were the new centered Start Menu and the reduced functionality of the Windows taskbar.

Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022."This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," said Lior Bela, senior product marketing manager at Microsoft, in a post last week.

Microsoft has tweaked the Microsoft Edge sleeping tabs feature to improve the web browser's overall responsiveness and performance. "Beginning in Microsoft Edge 100, we've updated sleeping tabs to enable pages that are sharing a browsing instance with another page to now go to sleep," the Microsoft Edge Team said earlier this week.

Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications," Tom Burt, Microsoft's corporate vice president of customer security and trust, said.

Microsoft announced that Windows Autopatch, a service designed to automatically keep Windows and Office software up to date, will be released in July 2022. Windows Autopatch is a new managed service offered for free to all Microsoft customers who already have a Windows 10/11 Enterprise E3 or above license.

The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium - aka APT28 and FancyBear, among other names - via an expedited court process that enables the company to quickly get judicial approval for such actions, according to Tom Burt, corporate vice president of customer security and trust at Microsoft. Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency.

Microsoft has reminded customers today that multiple editions of Windows 10 20H2 and Windows 10 1909 are reaching the end of service on May 10, 2022. In a support document, Microsoft says that Windows 10 20H2 will reach EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users.

Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure. Strontium, linked to Russia's military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.

While there are some malicious drivers that are deliberately crafted to compromise PCs, the most problems come from a small number of legitimate drivers with accidental flaws in, said David Weston, VP of Enterprise and OS Security at Microsoft. "Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."

NET Framework versions signed using the insecure Secure Hash Algorithm 1 will reach their end of life this month. NET. "On April 26, 2022, the.NET Framework 4.5.2, 4.6, and 4.6.1 will reach end of support, and after this date, Microsoft will no longer provide updates including security fixes and technical support for these versions," Microsoft said in a Windows message center update.