Security News

Microsoft fixes Windows Direct3D issue behind app crashes
2022-05-11 11:03

Microsoft has addressed a known issue causing apps using Direct3D 9 to experience problems after installing April 2022 cumulative updates, including crashes and errors on systems using certain GPUs. The problems affect systems running Windows 11 and Windows 10, where users have installed the KB5012643 and KB5011831 optional preview cumulative updates.

Microsoft closes Windows LSA hole under active attack
2022-05-11 01:15

Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.

Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit
2022-05-10 20:28

A new report, from cybersecurity company Kaspersky, has found that cybercriminals conducted approximately 65,000 attacks through Windows' Print Spooler application between July 2021 and April 2022.

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
2022-05-10 19:10

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack and two publicly known vulnerabilities. First and foremost, we have CVE-2022-26925, an "Important" spoofing vulnerability in Windows Local Security Authority that may turn into a "Critical" one if combined with NTLM relay attacks.

Microsoft fixes new NTLM relay zero-day in all Windows versions
2022-05-10 19:04

Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager security protocol. The vulnerability, tracked as CVE-2022-26925 and reported by Bertelsmann Printing Group's Raphael John, has been exploited in the wild and seems to be a new vector for the PetitPotam NTLM relay attack.

Windows 11 KB5013943 update fixes screen flickers and .NET app issues
2022-05-10 18:25

Microsoft has released the Windows 11 KB5013943 cumulative update with security updates, improvements, and fixes for screen flickers in Safe Mode and a bug causing some .NET 3.5 apps not to open. KB5013943 is a mandatory cumulative update as it contains the May 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Windows 10 KB5013942 and KB5013945 updates released
2022-05-10 17:26

Microsoft has released Windows 10 KB5013945 and KB5013942 cumulative updates for versions 21H2, 21H1, 20H2, and 1909 to fix security vulnerabilities and resolve bugs. This update is not available for the May 2020 Update if you use the consumer edition, but the same update will be offered on devices using enterprise or education SKUs.

Kaspersky uncovers fileless malware inside Windows event logs
2022-05-09 17:17

The cybersecurity company published a blog on May 4 detailing that, for the first time ever, hackers have placed shellcode into Windows event logs, hiding Trojans as fileless malware.

Hackers are now hiding malware in Windows Event Logs
2022-05-09 12:00

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible.

This New Fileless Malware Hides Shellcode in Windows Event Logs
2022-05-08 19:51

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. The adversary simulation software modules are then used as a launchpad to inject code into Windows system processes or trusted applications.