Security News

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
2022-07-18 12:19

A Windows 11 vulnerability, part of Microsoft's Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency to advise patching of the elevation-of-privilege flaw by August 2. The recommendation is directed at federal agencies and concerns CVE-2022-22047, a vulnerability that carries a CVSS rating of high and exposes the Windows Client Server Runtime Subsystem, used in Windows 11 and Windows Server 2022, to attack.

Windows Network File System flaw results in arbitrary code execution as SYSTEM
2022-07-15 14:15

Trend Micro Research has published an anatomy of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June but the research makes for interesting reading both in terms of the vulnerability itself and the potential for exploitation.

Windows 8.1 now shows full-screen 'End of Support' warnings
2022-07-13 19:09

Windows 8.1 is now displaying full-screen alerts when logging into the operating system, warning that the OS is reaching the end of support in January 2023 and will no longer receive security updates. "January 10, 2023 is the last day Microsoft will offer security updates and technical support for PCs that run Windows 8.1. We are reaching out now to thank you for your loyalty and help you prepare for what's next," reads the Windows 8.1 notification.

New Windows Remote Help app supports remote and hybrid employees
2022-07-13 14:18

Remote Help relies on Azure Active Directory for that, showing the profile photo, company details, job title, email address and other information from Azure AD, so users know they can trust the person helping them, and IT staff know more about who they're helping, which may be useful for solving their problem. Remote Help uses Endpoint Manager's role-based access controls, so admins can manage permissions to choose who can help which users and what they can do.

CISA orders agencies to patch new Windows zero-day used in attacks
2022-07-12 21:10

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem to its list of bugs abused in the wild. This high-severity security flaw impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.

Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
2022-07-12 19:44

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows' Client/Server Runtime Subsystem. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.

Windows 11 KB5015814 update adds Search Highlights feature, 27 fixes
2022-07-12 18:54

Microsoft has released the Windows 11 KB5015814 cumulative update with security updates, improvements, and the new Search Highlights feature. KB5015814 is a mandatory cumulative update containing the July 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Microsoft warns Windows Server 20H2 reaches EOS next month
2022-07-12 18:53

Microsoft reminded customers today that Windows Server, version 20H2 will be reaching its End of Service next month, on August 9. This comes after a May 2022 reminder that Windows Server 20H2 will reach the mainstream support end date for Standard Core and Datacenter Core users.

Windows 10 KB5015807 and KB5015811 updates released
2022-07-12 18:00

Microsoft has released the Windows 10 KB5015807 and KB5015811 cumulative updates for versions 21H2, 21H1, 20H2, and 1809 to fix security vulnerabilities and resolve bugs and performance issues. This update is unavailable for Windows 10 1909 or Windows 10 2004, which reached the end of service.