Security News

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to...

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. "Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 or upgrade to Windows 11 to remain supported."

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. At the SO-CON security conference today, SpecterOps researchers Chris Thompson and Duane Michael announced the release of Misconfiguration Manager, a repository with attacks based on faulty MCM configurations that also provides resources for defenders to harden their security stance.

Midnight Blizzard, a group of Russian hackers tied to the country's Foreign Intelligence Service, has leveraged information stolen from Microsoft corporate email systems to burrow into the company's source code repositories and internal systems."It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures," the company's Security Response Center shared on Friday.

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "Holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Avast claims Lazarus Group used the vulnerability to obtain read/write primitive on the Windows kernel and install their FudModule rootkit, but Microsoft's opinion on the severity of admin-to-kernel exploits meant it didn't prioritize the matter, waiting until February's patch Tuesday to fix the issue, which it tagged as CVE-2024-21338, with a CVSS score of 8/10. "Some Windows components and configurations are explicitly not intended to provide a robust security boundary," Microsoft states on its Security Servicing criteria page.

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal...

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January...