A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "Opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.
Microsoft says a new Windows 11 preview build rolling out today will allow Insiders to test the company's adaptive brightness feature on more systems. While Content Adaptive Brightness Control could previously only be used on laptops while running on battery, CABC can now also be toggled on plugged-in devices.
A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Manidant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.
Valve announced that its Steam online game platform will officially drop support for the Windows 7, Windows 8, and Windows 8.1 platforms starting January 1st, 2024. Once it reaches the end-of-support date, the Steam Client software will stop working on these out-of-support Windows versions, with Valve recommending users to upgrade to a more recent Windows version to continue playing their games via Steam.
Microsoft is investigating a known issue triggered by the KB5023774 March 2023 preview update and causing Red Dead Redemption 2 to stop opening on some devices. This issue affects only users who launch the game via the Rockstar Games Launcher on Windows 11 21H2 systems where the KB5023774 optional update was installed.
Microsoft has released the optional March 2023 non-security preview update for Windows 11 with a search box that matches the current color scheme and a new feature the company describes as "Notifications for Microsoft accounts." Th KB5023778 Windows 11 non-security release also has many improvements and bug fixes with the list, including new Microsoft Defender for Endpoint features and a fix for a Microsoft PowerPoint freeze issue.
Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. "If you take a screenshot of your bank statement, save it to your desktop, and crop out your account number before saving it to the same location, the cropped image could still contain your account number in a hidden format that could be recovered by someone who has access to the complete image file," Microsoft explains.
Microsoft released an emergency security update for the Windows 10 and Windows 11 Snipping tool to fix the Acropalypse privacy vulnerability. With this bug, both the Google Pixel's Markup Tool and the Windows Snipping Tool were found to be leaving the cropped data within the original file.
On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. The highlight of the day was the Ubuntu Desktop operating system getting hacked three times by three different teams, although one of them was a collision with the exploit being previously known.
Microsoft announced that the new Windows 11 build rolling out to Insiders in the Canary channel comes with increased protection against phishing attacks and support for SHA-3 cryptographic hash functions. Enhanced Phishing Protection is a Defender SmartScreen feature introduced with the release of Windows 11 22H2 in September 2022 and is designed to protect user credentials against phishing attacks.