Security News
Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service. The Mozilla Maintenance Service is an optional Firefox and Thunderbird service that makes application updates possible in the background.
Case in point: One of the most stressful remote work experiences involves mandated Windows password changes on a company-issued laptop. You can't get into your workstation to launch the VPN to try to correct the problem with another password reset on your own.
CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. The move means that Federal Civilian Executive Branch agencies have until Feb. 18, 2022 to remediate the vulnerability, which affects all unpatched versions of Windows 10.
Microsoft says it has fixed a known issue triggered by last month's Windows updates that would cause apps using Microsoft .NET Framework to fail. "After installing updates released January 11, 2022 or later, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows," Microsoft explained in an update to the Windows health dashboard.
The U.S. Cybersecurity and Infrastructure Security Agency is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 to the Known Exploited Vulnerabilities Catalog, necessitating that Federal Civilian Executive Branch agencies patch all systems against this vulnerability by February 18, 2022.
Later this year, Microsoft is planning to launch the first big update for Windows 11. The update is reportedly codenamed "Sun Valley 2," and it is expected to ship with a new Task Manager, improvements to Start Menu and Taskbar, and more.
The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges. Per a binding operational directive issued in November and today's announcement, all Federal Civilian Executive Branch agencies are now required to patch all systems against this vulnerability, tracked as CVE-2022-21882, within two weeks, by February 18th. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.
Microsoft released today a new Windows Terminal version that comes with a long-awaited feature making it possible to launch profiles that will automatically run as Administrator. To launch auto-elevated profiles, you have two options: configure the app to open a specific profile in an Admin terminal window automatically, or open it as Administrator by Ctrl+clicking the profile on the dropdown menu.
Cloud directory specialist JumpCloud is moving into the crowded patch management market with an extension to its platform to automate patch updates. Companies such as Apple or Microsoft already have varying levels of patch management tools in their armoury.
Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. ZDI's advisory says attackers are only required to "Obtain the ability to execute low-privileged code on the target system," which matches ESET's CVSS severity rating also showing that the bug can be exploited by threat actors with low privileges.