Security News

Microsoft has linked a threat group it tracks as Knotweed to a cyber mercenary outfit named DSIRF, targeting European and Central American entities using a malware toolset dubbed Subzero. Using passive DNS data while investigating Knotweed attacks, threat intelligence firm RiskIQ also found that infrastructure actively serving malware since February 2020 linked to DSIRF, including its official website and domains likely used to debug and stage the Subzero malware.

Microsoft has released the optional KB5015878 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes numerous bug fixes and enhancements, including gaming and Windows Autopilot fixes and a new Focus Assist feature. The KB5015878 cumulative update preview is part of Microsoft's July 2022 monthly "C" update, allowing admins to test upcoming fixes released in the August 2022 Patch Tuesday.

A strong account lockout policy is one of the most effective tools for stopping brute force authentication attempts on Windows domains. As an alternative, you can force an account lockout to remain in effect until an administrator unlocks the account by setting the account lockout duration value to 0.

Microsoft is now taking steps to prevent Remote Desktop Protocol brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week.

Microsoft has addressed a known issue that was causing the start menu on some Windows 11 to malfunction after installing recent updates. This known issue affects only devices running Windows 11, version 21H2, and it was acknowledged on Friday after Redmond received customer reports of start menu issues affecting some systems.

Microsoft is warning customers that Windows updates released since June 28 will trigger printing issues on devices connected using USB. "Microsoft has received reports of issues affecting some printing devices following installation of Windows updates released June 28 and later," Redmond explained. "Normal printer usage might be interrupted for either scenario, resulting in failure of printing operations," the company said in a notice on the Windows health dashboard.

The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers. Security researcher ProxyLife recently discovered that Qakbot, has been abusing the the Windows 7 Calculator app for DLL side-loading attacks since at least July 11.

Microsoft has reminded customers once again that Windows Server, version 20H2, will be reaching its End of Service in less than a month, on August 9. "On August 9, 2022, all editions of Windows Server, version 20H2 will reach end of servicing. The upcoming August 2022 security update, to be released on August 9, 2022, will be the last update available for this version," Microsoft said in a Windows message center update this week.

Microsoft warned that starting with this week's optional preview updates, temporary mitigation provided one year ago to address Windows Server printing issues on non-compliant devices will be removed, potentially breaking printing. As Redmond explained last year, a known issue might cause print and scan failures on multiple Windows Server versions after installing the July 2021 security updates on Windows domain controllers.

Microsoft has released the optional KB5015882 Preview cumulative update for Windows 11 with 20 fixes or improvements, including new Focus Assist and OS upgrade features. This Windows 11 cumulative update is part of Microsoft's July 2022 monthly "C" update, allowing users to test the upcoming updates and fixes in the August 2022 Patch Tuesday.