Security News

Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords. First discovered by security researcher Oliver Hough, when the fake DirectX 12 installers are launched, they will quietly download malware from a remote site and execute it.

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

Microsoft has launched the first commercial preview releases for Microsoft Office Long Term Servicing Channel for Windows and Office 2021 for Mac. These are the next versions of non-subscription Office products and are made available only for commercial customers.

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.

A recent update to Microsoft's Sysinternals Autoruns program is causing the program to crash as its scans for autostarts in Windows. For those not familiar with Autoruns, it is a free utility from Microsoft that enumerates all the programs that automatically start on a Windows machine.

Microsoft has partially fixed a local privilege escalation vulnerability impacting all Windows 7 and Server 2008 R2 devices. Security researcher Clément Labro discovered that insecure permissions on the registry keys of the RpcEptMapper and DnsCache services enable attackers to trick the RPC Endpoint Mapper service to load malicious DLLs on Windows 7 and Windows Server 2008R2.

Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. When users click on the ad, they are brought to a fake Microsoft Store page for a fake 'xChess 3' online chess application, which is automatically downloaded from an Amazon AWS server.

Microsoft is backporting their upcoming Windows 10 News and Interests taskbar feature to Windows 10 20H2 and Windows 10 21H1, allowing far more people to access the new feature. In January, Microsoft began testing a new taskbar news feed feature called 'News and Interests' that builds an interest profile for a user and displays stories based upon those interests.

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser. This month, Google began testing a new tracking platform called Federated Learning of Cohorts, or FLoC, that places users in anonymous buckets, or cohorts, based on their interest and browsing behavior.