Security News

Microsoft today reminded customers that some editions of Windows 10, version 1809 will reach its end of service next week. "On November 10, 2020, the Home, Pro, Pro for Workstation, and IoT Core editions of Windows 10, version 1809 will reach end of service," Microsoft explains on the Windows 10 1809 Health Dashboard.

Microsoft is investigating a known issue leading to missing system and user certificates after updating certain managed Windows 10 systems using outdated installation media through update management tools, physical media, or ISO images. "System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10," Microsoft explains.

Microsoft this week revealed that it continues to receive reports from customers of attacks targeting the Zerologon vulnerability. The vulnerability came into the spotlight after the DHS ordered federal agencies to immediately apply available patches, with both Microsoft and CISA publishing information on attackers actively exploiting the bug.

Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that's been a persistent worry to both the company and the U.S. government over the last few months. Despite patching awareness efforts, Microsoft said it is still receiving "a small number of reports from customers and others" about active exploits of the bug tracked as CVE-2020-1472, or Zerologon, according to a blog post by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.

Upcoming changes to how Windows 10 automatically installs driver updates may cause plug-and-play to break for some devices. Windows Update is also used to deliver automatic drivers to allow hardware developers to quickly deploy fixes to Windows 10 users encountering bugs in an existing driver.

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol. Zerologon is a critical flaw that enables attackers to elevate privileges to a domain admin, thus allowing them to take full control over the entire domain, to change any user's password, and to execute any arbitrary command.

Microsoft this week announced the availability of a new vulnerability management report in Microsoft Defender, to provide information on vulnerable devices. The new built-in report complements existing Microsoft Defender for Endpoint threat and vulnerability management capabilities and is catered for those looking to gain insights on devices that pose potential risks due to unpatched vulnerabilities.

Microsoft has released the KB4580364 non-security update that fixes bugs causing responsiveness issues on affected Windows 10 2004 devices. Windows 10 users who install the KB4580364 release preview update might experience issues with input, might not be able to enter text, or receive unexpected results if using the Microsoft Input Method Editor for Japanese or Chinese languages.

The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports. Recently observed attacks, Microsoft says, targeted over 100 high-profile individuals, potential attendees of two upcoming global policy conferences, namely the Munich Security Conference and the Think 20 Summit, which is held in Saudi Arabia.

Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives. It's not surprising that some Microsoft Defender ATP users had a small heart attack on Wednesday when they saw multiple high-severity alerts for Cobalt Strike.