Security News
Optional updates for Windows 10 and Windows 11 released in January have fixed performance problems when playing games, using the operating system, or even opening folders in File Explorer. Microsoft later released out-of-band updates to fix these issues, whose fixes were also rolled into the optional preview updates.
Security teams might have skipped January's Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It's a bug that now has a proof-of-concept exploit available in the wild.
A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. The vulnerability affects all supported versions of Windows 10 before the January 2022 Patch Tuesday updates.
The amount of time devices running Windows are powered on and connected to Windows Update is tracked by Microsoft as 'Update Connectivity.' "One of the most impactful things we explored was how much time a device needs to be powered on and connected to Windows Update to be able to successfully install quality and feature updates," said Guyer.
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Korea-based nation-state hacking group that's been active since at least 2009.
Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control server, researchers have found. Lazarus did the same thing last July: At that time, the APT was identified as being behind a campaign that was spreading malicious documents to job-seeking engineers, impersonating defense contractors who were purportedly seeking job candidates at Airbus, General Motors and Rheinmetall.
North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries and is now actively using it to execute malicious code on Windows systems. In the next stage, the LNK file is used to launch the WSUS / Windows Update client to execute a command that loads the attackers' malicious DLL. "This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms," Malwarebytes said.
Microsoft says Windows 11 has now entered the broad deployment phase, making it available for everyone with an eligible device via Windows Update. "The upgrade offer to Windows 11 is entering its final phase of availability and is designated for broad deployment for eligible devices," the company said in a Windows Health dashboard status update.
Microsoft announced today that they would be releasing new Windows 11 features next month, including a preview of the long-awaited Android Apps on Windows 11 feature, a new window sharing feature, taskbar improvements, and redesigned Notepad and Media Player apps. "Next month we're bringing new experiences to Windows that include a public preview of how you can use Android apps on Windows 11 through the Microsoft Store and our partnerships with Amazon and Intel, taskbar improvements with call mute and unmute, easier window sharing and bringing weather to the taskbar, plus the introduction of two new redesigned apps, Notepad and Media Player," Panay shared in a new blog post.
Microsoft has fixed a known issue affecting systems running Windows 11, version 21H2, where applications may have problems rendering colors correctly on high dynamic range displays when using Win32 APIs. Microsoft has addressed the HDR color rendering bug with the release of the Windows 11 KB5008353 cumulative update, issued as part of the January 2022 monthly non-security "C" preview.