Security News

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service.

Microsoft's August 2021 Patch Tuesday is pretty lightweight, through it covers a wide variety of Microsoft solutions. 44 CVE-numbered security holes have been plugged, seven of which are critical, and one is actively exploited.

Now is the winter of our discontent made glorious summer by the fact that it's August and Patch Tuesday brings word of only 44 vulnerabilities in Microsoft's software. There's a bit of selective counting here however, given that Microsoft has been patching Edge's Chromium bugs separately.

The zero-day attacks against Microsoft's software products continue to pile up with a new warning from Redmond about a zero-day attack hitting a security defect in the Windows Update Medic Service. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows machines can continue to receive software updates.

Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to installed patches. Microsoft has fixed 44 vulnerabilities with today's update, with seven classified as Critical and 37 as Important.

After weeks of struggling to properly resolve security defects in the Windows Print Spooler utility, Microsoft is making a major default change to the way Windows interacts with the problematic Point and Print driver. This move is meant to be a more comprehensive fix for dangerous security flaws publicly known as PrintNightmare that expose users to remote code execution and privilege escalation attacks.

Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers. In June, a security researcher accidentally disclosed a zero-day Windows print spooler vulnerability dubbed PrintNightmare.

McAfee announced that MVISION Cloud, part of its secure access service edge offering - MVISION Unified Cloud Edge, now provides enhanced security coverage for Microsoft Dynamics 365, a line of enterprise resource planning and customer relationship management software applications. MVISION Cloud for Dynamics 365 provides an advanced set of security tools that are delivered via API, enabling holistic security controls across Dynamics 365.

Microsoft says that the Azure Sentinel cloud-native SIEM platform is now able to detect potential ransomware activity using the Fusion machine learning model. Microsoft announced today that its cloud-based SIEM now supports Fusion detections for possible ransomware attacks and triggers high severity Multiple alerts possibly related to Ransomware activity detected incidents.

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos...