Security News

Microsoft has released the Windows 11 KB5012592 cumulative update with security updates, quality improvements, and a fix that makes it easier to switch your default browser. KB5012592 is a mandatory cumulative update as it contains the April 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Microsoft has released Windows 10 KB5012599 and KB5012591 cumulative updates for versions 21H2, version 21H1, version 20H2 and 1909 to fix security vulnerabilities and resolve bugs. This update is not available for May 2020 Update if you use the consumer edition, but the same update will be offered on devices using enterprise or education SKUs.

Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks. "Further investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates 'hidden' scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification."

The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages. This is the first time the Qbot operators are using this tactic, switching from their standard way of delivering the malware via phishing emails dropping Microsoft Office documents with malicious macros on targets' devices.

If you are waiting for Windows 11 side-taskbar support before upgrading to the latest operating system, you may be waiting for a long time, according to a recent Microsoft Ask Me Anything session. When Windows was first released, the most controversial changes were the new centered Start Menu and the reduced functionality of the Windows taskbar.

Windows Autopatch is an automated, managed service by Microsoft to keep Windows and Office always up-to-date. "Windows Autopatch manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates. Drivers and firmware that are published to Windows Update as Automatic will be delivered as part of Windows Autopatch," Lior Bela, a Senior Product Marketing Manager on the Microsoft 365 team, explained.

During the Hybrid work event, Microsoft officially teased new features coming to the operating system this year. This new feature uses Microsoft Defender SmartScreen to alert users when they try to store passwords in plain texts in apps like Notepad. The feature will also warn users if they accidentally enter the Microsoft account passwords on phishing sites.

Microsoft announced that Windows Autopatch, a service designed to automatically keep Windows and Office software up to date, will be released in July 2022. Windows Autopatch is a new managed service offered for free to all Microsoft customers who already have a Windows 10/11 Enterprise E3 or above license.

Microsoft has reminded customers today that multiple editions of Windows 10 20H2 and Windows 10 1909 are reaching the end of service on May 10, 2022. In a support document, Microsoft says that Windows 10 20H2 will reach EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users.

While there are some malicious drivers that are deliberately crafted to compromise PCs, the most problems come from a small number of legitimate drivers with accidental flaws in, said David Weston, VP of Enterprise and OS Security at Microsoft. "Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."