Security News

Microsoft has resolved a newly acknowledged issue causing Windows apps that use WebView2 to render Internet content incorrectly outside their windows after installing the March optional preview cumulative updates. The WebView2 control allows developers to embed and render web content in native apps using the Microsoft Edge web browser, including JavaScript, HTML, and CSS. According to a new entry added to the Window Health dashboard, "Some apps might render content incorrectly or outside of the app's window" on systems where the March non-security preview releases have been installed.

Microsoft has removed a compatibility hold blocking Windows 11 upgrades for Windows 10 customers after fixing a known issue leading to problems importing Internet Explorer 11 data into Microsoft Edge. The only customers impacted by the now-fixed known issue were those who didn't import their IE11 information into Microsoft Edge before starting the Windows 11 upgrade process.

Microsoft now allows enterprise admins to re-enable the MSIX ms-appinstaller protocol handler disabled after Emotet abused it to deliver malicious Windows App Installer packages. App Installer allows users to install Windows applications directly from a web server using an MSIX package or App Installer file without first downloading the installers to their computer.

Microsoft has added a new safeguard hold blocking Windows 11 upgrades for Windows 10 customers who don't import their Internet Explorer 11 data into Microsoft Edge before trying to install the newest Windows version. "After upgrading to Windows 11, saved information and data from Internet Explorer 11 might not be accessible if you did not accept to import it into Microsoft Edge before the upgrade," Microsoft explained in the Windows health dashboard.

The Chinese hacking group Deep Panda is targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili. In a recent Deep Panda campaign discovered by Fortinet, the hacking group is deploying the new 'Fire Chili' rootkit to evade detection on compromised systems.

Microsoft has released the optional KB5011563 cumulative update preview for Windows 11, with fixes for stop errors triggering blue screens of death and other issues. As mentioned in the beginning, today's Windows 11 optional update highlights are fixes for two BSODs triggered by stop errors in DirectX and the SMB Server.

Microsoft now allows Windows users to block drivers with known vulnerabilities with the help of Windows Defender Application Control and a vulnerable driver blocklist. It works on devices running Windows 10, Windows 11, and Windows Server 2016 and above with hypervisor-protected code integrity enabled and on Windows 10 systems in S mode.

Unlike the original Windows 11 release, it won't be a massive update with radical design changes. Microsoft also noted that updated media controls reflect the Windows 11 design principles, and more flyouts will be updated in future preview releases.

Microsoft says Windows 7 recovery discs created using the Control Panel Backup and Restore app will fail to start after installing Windows updates released since January 11, 2022. While Microsoft did not explain why this happens, it said the recovery discs would work on systems where the problematic updates weren't installed.

Microsoft has addressed a new known issue causing DNS stub zones loading failures that could lead to DNS resolution issues on Windows Server 2019 systems. DNS stub zones are copies of DNS zones containing resource records needed to determine the authoritative DNS servers for a specific zone and resolve names between separate DNS namespaces.