Security News

Microsoft released today a new Windows Terminal version that comes with a long-awaited feature making it possible to launch profiles that will automatically run as Administrator. To launch auto-elevated profiles, you have two options: configure the app to open a specific profile in an Admin terminal window automatically or open it as Administrator by Ctrl +clicking the profile on the dropdown menu.

Cloud directory specialist JumpCloud is moving into the crowded patch management market with an extension to its platform to automate patch updates. Companies such as Apple or Microsoft already have varying levels of patch management tools in their armoury.

Image: ESET. Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. ZDI's advisory says attackers are only required to "Obtain the ability to execute low-privileged code on the target system," which matches ESET's CVSS severity rating also showing that the bug can be exploited by threat actors with low privileges.

Optional updates for Windows 10 and Windows 11 released in January have fixed performance problems when playing games, using the operating system, or even opening folders in File Explorer. Microsoft later released out-of-band updates to fix these issues, whose fixes were also rolled into the optional preview updates.

Security teams might have skipped January's Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It's a bug that now has a proof-of-concept exploit available in the wild.

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. The vulnerability affects all supported support versions of Windows 10 before the January 2022 Patch Tuesday updates.

The amount of time devices running Windows are powered on and connected to Windows Update is tracked by Microsoft as 'Update Connectivity. "One of the most impactful things we explored was how much time a device needs to be powered on and connected to Windows Update to be able to successfully install quality and feature updates," said Guyer.

The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Korea-based nation-state hacking group that's been active since at least 2009.

Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control server, researchers have found. Lazarus did the same thing last July: At that time, the APT was identified as being behind a campaign that was spreading malicious documents to job-seeking engineers, impersonating defense contractors who were purportedly seeking job candidates at Airbus, General Motors and Rheinmetall.

North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries and is now actively using it to execute malicious code on Windows systems. In the next stage, the LNK file is used to launch the WSUS / Windows Update client to execute a command that loads the attackers' malicious DLL. "This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms," Malwarebytes said.