Security News

Technology distributor SYNNEX has admitted that its systems and Microsoft accounts it tends have been attacked, after the National Committee of the US Republican Party named it as the source of a recent security incident. In response to the Bloomberg report, the RNC quickly named mega-distributor SYNNEX as the source of the breach, said no data was accessed, and that it has worked with Microsoft to get the situation is under control.

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

Microsoft late Tuesday pushed out an emergency patch to cover the Windows 'PrintNightmare' security flaw. The issue caused major headaches in security research circles because the exploit targets CVE-2021-1675, a vulnerability that was patched by Microsoft on June 8 and originally misdiagnosed as a low-risk privilege escalation issue.

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. Windows 7 SP1 and Windows Server 2008 R2 SP1. Windows Server 2008 SP2. Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. Windows 7 SP1 and Windows Server 2008 R2 SP1. Windows Server 2008 SP2. Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.

Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. "The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system," the CERT Coordination Center said of the issue.

Microsoft released the July 2021 non-security Microsoft Office updates with improvements and fixes for crashes and issues affecting Windows Installer editions of Office 2016 products. One week ago, Microsoft resolved issues and updated features for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, and the subscription versions of the desktop apps for Project and Visio.

The Pentagon said Tuesday it is canceling a cloud-computing contract with Microsoft that could eventually have been worth $10 billion and will instead pursue a deal with both Microsoft and Amazon. "With the shifting technology environment, it has become clear that the JEDI Cloud contract, which has long been delayed, no longer meets the requirements to fill the DoD's capability gaps," the Pentagon said in a statement.

Microsoft is updating Microsoft Defender for Identity to allow security operations teams to block attacks by locking a compromised user's Active Directory account. Microsoft Defender for Identity is a cloud security service that leverages on-premises Active Directory signals to detect and analyze advanced threats, compromised identities, and malicious insider activity targeting enrolled organizations.

Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting. The issue, tracked as CVE-2021-26701, affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively.