Security News

Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
2024-03-11 04:28

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "Holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Avast claims Lazarus Group used the vulnerability to obtain read/write primitive on the Windows kernel and install their FudModule rootkit, but Microsoft's opinion on the severity of admin-to-kernel exploits meant it didn't prioritize the matter, waiting until February's patch Tuesday to fix the issue, which it tagged as CVE-2024-21338, with a CVSS score of 8/10. "Some Windows components and configurations are explicitly not intended to provide a robust security boundary," Microsoft states on its Security Servicing criteria page.

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
2024-03-09 04:01

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal...

Microsoft confirms Russian spies stole source code, accessed internal systems
2024-03-08 16:56

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

Microsoft says Russian hackers breached its systems, accessed source code
2024-03-08 15:31

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January...

Microsoft is killing off the Android apps in Windows 11 feature
2024-03-05 19:23

Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. The Windows Subsystem for Android allows users to run native Android apps in a virtualized environment with sound, graphics, and network connectivity. Released in October 2021, WSA quickly became a novelty for allowing users to install apps from the Amazon App Store in Windows 11.

Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs
2024-03-03 15:11

Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. After receiving the prompts, the users can upgrade to Windows 11 23H2 or keep using Windows 10.

CISA warns of Microsoft Streaming bug exploited in malware attacks
2024-03-01 19:18

CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks. Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.

Microsoft fixes Outlook clients not syncing over Exchange ActiveSync
2024-03-01 16:05

Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks.

Microsoft pulls Edge update causing 'Out of Memory' crashes
2024-03-01 15:44

Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. Microsoft released Edge 122.0.2365.63 yesterday, and soon after, users began reporting across multiple sites that the browser was crashing repeatedly with memory errors.

Microsoft rolls back decision to stop Windows 11 22H2 preview updates
2024-02-29 17:50

Microsoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024. Under the new schedule revealed this week, Windows 11 22H2 optional updates will keep rolling out until mid-June 2025, depending on your Windows edition.