Security News

The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try some new third-party programs to customize the experience and get the most out of Windows 11. Windows 11 is essentially Windows 10 with a new design, so it also comes with the same bloatware problem.

The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try some new third-party programs to customize the experience and get the most out of Windows 11. Windows 11 is essentially Windows 10 with a new design, so it also comes with the same bloatware problem.

Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed.If exploited, any commands will be executed at the same privilege level as the RPC server, which in many cases has elevated or SYSTEM level permissions, providing full administrative access to the exploited device.

A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware. While there were ways to use ADB to sideload Android apps, users began looking for methods that let them add the Google Play Store to Windows 11.

The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots. Researchers within Microsoft's Detection and Response Team and Threat Intelligence Center spotted the software nasty, dubbed Tarrask, creating undesirable scheduled tasks via Windows Task Scheduler, which is typically used by IT administrators to automate such chores as updating programs, tidying up file systems, and starting certain applications.

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. Microsoft Threat Intelligence Center, which dubbed the defense evasion malware "Tarrask," characterized it as a tool that creates "Hidden" scheduled tasks on the system.

The Cybersecurity and Infrastructure Security Agency has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver. According to a binding operational directive issued in November, all Federal Civilian Executive Branch Agencies agencies must secure their systems against this security flaw after being added to CISA's catalog of Known Exploited Vulnerabilities.

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows. The update is solely concerned with CVE-2022-24765, an interesting bug which afflicts the Git for Windows fork of Git.

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw relates to an elevation of privilege vulnerability in the Windows Common Log File System.

Microsoft says Windows admins can now opt into automatic updates for. NET 6.0 to the Automatic Updates channel as a third option on top of Windows Server Update Services and Microsoft Update Catalog.