Security News

Microsoft Office LTSC 2024 preview available for Windows, Mac
2024-04-18 16:49

A preview of Microsoft Office LTSC 2024, a volume-licensed and perpetual version of Office for commercial customers, is now available for Windows and macOS users. Office LTSC 2024 for commercial preview, Visio 2024 preview, and Project 2024 preview.

Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge
2024-04-17 12:16

Microsoft says the new Copilot app, mistakenly added to the list of installed Windows apps by recent Edge updates, doesn't collect or relay data to its servers. For this reason, they were surprised to see a new 8KB Microsoft Copilot app added to the list of installed programs on live production builds of Windows Server 2022.

Microsoft lifts Windows 11 block on some Intel systems after 2 years
2024-04-15 11:42

Microsoft has finally lifted a compatibility hold blocking Windows 10 users from updating to Windows 11 on systems with Intel Smart Sound Technology audio drivers and Intel 11th Gen Core processors. The company first acknowledged in November 2021 that some Intel audio drivers were triggering blue screens back on Windows 11 21H2 devices when it also added safeguard holds blocking Windows 11 upgrades from being offered to customers on affected systems.

Microsoft now testing app ads in Windows 11's Start menu
2024-04-12 20:13

Microsoft has started testing ads in the Windows 11 Start menu, a new experiment the company says will help users find new "Great" apps in the Microsoft Store. Microsoft says the app ads will appear only on Windows Insiders systems in the U.S. and not on managed devices in enterprise environments.

Telegram fixes Windows app zero-day used to launch Python scripts
2024-04-12 18:46

Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. The next day, a proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python.

Telegram fixes Windows app zero-day caused by file extension typo
2024-04-12 18:46

This caused the file to automatically be executed by Python without a warning from Telegram like it does for other executables, and was supposed to do for this file if it wasn't for a typo. In a statement to BleepingComputer, Telegram rightfully disputes that the bug was a zero-click flaw but confirmed they fixed the "Issue" in Telegram for Windows to prevent Python scripts from automatically launching when clicked.

Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib
2024-04-10 13:15

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
2024-04-10 03:05

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score...

Microsoft fixes two Windows zero-days exploited in malware attacks
2024-04-09 22:06

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. "Just as we did in 2022, we immediately reported our findings to the Microsoft Security Response Center. After validating our discovery, the team at Microsoft has added the relevant files to its revocation list," Budd said.

Critical Rust flaw enables Windows command injection attacks
2024-04-09 20:20

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. Tracked as CVE-2024-24576, this flaw is due to OS command and argument injection weaknesses that can let attackers execute unexpected and potentially malicious commands on the operating system.