Security News

Microsoft has yanked the Windows Server updates it issued on Patch Tuesday after admins found that the updates had critical bugs that break three things: They trigger spontaneous boot loops on Windows servers that act as domain controllers, break Hyper-V and render ReFS volume systems unavailable. The shattering of Windows was first reported by BornCity on Tuesday, as in, on the same day that Microsoft released a mega-dump of 97 security updates in its January 2022 Patch Tuesday update.

Microsoft has pulled the January Windows Server cumulative updates after critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable. Tuesday, Microsoft released the January 2022 Patch Tuesday updates for Windows Server that includes numerous security updates and bug fixes.

Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. Like any antivirus solution, Microsoft Defender lets users add locations on their systems that should be excluded from malware scans.

Microsoft is now rolling out redesigned hardware indicator flyouts that align with Windows 11's design to all Windows Insiders in the Dev Channel. "We have updated the flyout design for the hardware indicators for brightness, volume, camera privacy, camera on/off and airplane mode, to align with Windows 11 design principles," Microsoft's Amanda Langowski and Brandon LeBlanc said.

For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products. If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft's Edge browser, in addition to two CVEs in open source projects, you get 122 fixes that need to be applied.

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. The bug, tracked as CVE-2022-21907 and patched during this month's Patch Tuesday, was discovered in the HTTP Protocol Stack used as a protocol listener for processing HTTP requests by the Windows Internet Information Services web server.

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update - nine of them rated critical - including six that are listed as publicly known zero-days.The fixes cover a swath of the computing giant's portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge, Exchange Server, Microsoft Office and Office Components, SharePoint Server,.

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server. Among the publicly known flaws are a "Critical" RCE in curl and "Important" RCE in libarchive open source libraries, which have now been "Fixed" in Windows 10, 11 and Server with the inclusion of the most recent versions of the libraries.

During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems. The security flaw, tracked as CVE-2022-21840, is a remote code execution bug that attackers can exploit with no privileges on the targeted devices as part of low complexity attacks that require user interaction.

Today is Microsoft's January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws. [...]