Security News

Microsoft Edge is getting 'Edge for Gamers' mode
2023-05-21 23:09

Microsoft is doubling its efforts to court the gaming community with a new feature, "Edge for Gamers" mode, which promises to elevate the user experience inside and outside gaming sessions. In the initial descriptions provided by Microsoft, the Edge for Gamers mode will enable a variety of enhancements.

Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
2023-05-19 17:06

A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims' networks. "The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021."

Microsoft shares more info on the end of Internet Explorer
2023-05-18 18:57

Microsoft has decided to allow customers to choose when the last bits of Internet Explorer 11 will be removed from their devices. "Over the coming months a small subset of exceptional scenarios where IE11 is still accessible will be redirected to Edge, ensuring users access a supported and more secure Microsoft browser," the company added.

Microsoft decides it will be the one to choose which secure login method you use
2023-05-18 17:32

Microsoft wants to take the decision of which multi-factor authentication method to use out of the users' hands and into its own. The software maker this week is rolling out what it calls system-preferred authentication for MFA, which will present individuals signing in with the most secure method and then alternatives if that method is unavailable.

Microsoft pulls Defender update fixing Windows LSA Protection bug
2023-05-17 18:12

Microsoft has pulled a recent Microsoft Defender update that was supposed to fix a known issue triggering persistent restart alerts and Windows Security warnings that Local Security Authority Protection is off. Microsoft acknowledged the issue on March 21, after widespread user reports regarding Windows 11 systems warning that LSA protection was off.

Malicious Microsoft VSCode extensions steal passwords, open remote shells
2023-05-17 16:37

Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. According to Check Point, whose analysts discovered the malicious extensions and reported them to Microsoft, the malware enabled the threat actors to steal credentials and system information and to establish a remote shell on the victim's machine.

Microsoft Secure Boot Bug
2023-05-17 11:01

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections.

Microsoft investigates slow Windows VPN speeds after May updates
2023-05-16 22:14

Microsoft is investigating major speed issues affecting L2TP/IPsec VPN connections after installing recent Windows 11 updates. Based on reports seen by BleepingComputer since the updates have been available, both updates are triggering the L2TP/IPsec VPN speed issues after deployment.

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked
2023-05-14 08:00

Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit: For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug and a Secure Boot bypass flaw exploited by attackers in the wild.

MSI's firmware, Intel Boot Guard private keys leaked: The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company's private code signing keys on their dark web site.

Why Microsoft just patched a patch that squashed an under-attack Outlook bug
2023-05-12 23:17

If a miscreant carefully crafted a mail with that sound path set to a remote SMB server, when Outlook fetched and processed the message, and automatically followed the path to the file server, it would hand over the user's Net-NTLMv2 hash in an attempt to log in. The patch from a couple of months ago made Outlook use the Windows function MapUrlToZone to inspect where a notification sound path was really pointing, and if it was out to the internet, it would be ignored and the default sound would play.