Security News

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory certificate authentication issues caused by Microsoft's May 2022 updates. The flaw is an actively exploited Windows LSA spoofing vulnerability tracked as CVE-2022-26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support date next year, on October 10, 2023. Released in October 2012, Windows Server 2012 has entered its tenth year of service and has already reached the mainstream end date over three years ago, on October 9, 2018.

Microsoft has released the optional KB5014666 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes numerous bug fixes and new, unexpected printing features. The KB5014666 cumulative update preview is part of Microsoft's June 2022 monthly "C" update, allowing admins to test fixes in the July 2022 Patch Tuesday.

Microsoft has finally confirmed Internet connectivity issues affecting servers with Routing and Remote Access Service enabled after installing Windows updates released as part of this month's Patch Tuesday. Microsoft has now revealed that these issues have been addressed in last week's optional Windows cumulative update previews.

Microsoft says it addressed a known issue that was causing all Microsoft Edge tabs running IE mode to stop responding if one of the opened sites displayed a modal dialog box after issuing a window. The IE mode problems affect devices running Windows 11, Windows 10, and Windows Server 2022 after installing the KB5014019, KB5014023, and KB5014021 optional preview cumulative updates.

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "Multiple payloads per.LNK" file.

Microsoft has accidentally leaked that Windows 10 22H2 is on its way by including an enablement package in the latest Windows 10 KB5014666 preview update available to Insiders on the Release channel. Today, Microsoft has released the Windows 10 KB5014666 cumulative update preview to Windows Insiders on the Release channel, allowing them to test upcoming fixes before they are previewed by the larger Windows 10 user base next week.

Redmond published three cumulative updates as part of its scheduled June 2022 monthly "C" updates to allow customers to test upcoming fixes: KB5014668, KB5014665, and KB5014669. As the company revealed on Thursday in updates to known issue entries in the Windows health dashboard [1, 2, 3], the updates also address connectivity issues when using Wi-Fi hotspots after installing Windows updates released as part of the June 2022 Patch Tuesday.

Microsoft has released the optional KB5014668 cumulative update previews for Windows 11 with fixes for issues leading to game crashes and failed upgrades to the latest Windows version. This cumulative update is part of Microsoft's scheduled June 2022 monthly "C" updates that enables Windows customers to test upcoming fixes before they're released for all users on July 12th as part of the next Patch Tuesday.

LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries, such as PowerShell or the MSHTA that is used to execute Microsoft HTML Application files. Researchers at Cyble have spotted a new tool for creating malicious LNKs called Quantum, which features a graphical interface and offers convenient file building through a rich set of options and parameters.