Security News

Researchers have discovered a drive-by remote code-execution bug in Windows 10 via Internet Explorer 11/Edge Legacy - the EdgeHTML-based browser that's currently the default browser on Windows 10 PCs - and Microsoft Teams. In this case, the issue lies in the Windows 10/11 default Uniform Resource Identifier handler for ms-officecmd: URIs are used by the Microsoft Office Universal Windows Platform app to launch other Office desktop applications.

Researchers have discovered a drive-by remote code-execution bug in Windows 10 via Internet Explorer 11/Edge Legacy - the EdgeHTML-based browser that's currently the default browser on Windows 10 PCs - and Microsoft Teams. In this case, the issue lies in the Windows 10/11 default Uniform Resource Identifier handler for ms-officecmd: URIs are used by the Microsoft Office Universal Windows Platform app to launch other Office desktop applications.

Microsoft has started rolling out the new and wholly redesigned Notepad for Windows 11 to all Windows Insiders in the Dev Channel. "First, you will notice a completely updated UI that aligns with the new visual design of Windows 11, including rounded corners, Mica, and more," said today Dave Grochocki, Microsoft's Principal Program Manager Lead for Windows Inbox Apps.

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico.

Microsoft has shared a solution for Outlook users who have been experiencing search issues after upgrading to Windows 11. "This issue will happen with any account where the emails and other items are stored locally in PST or OST files such as POP and IMAP accounts," Microsoft says on its list of recent issues impacting Outlook for PC. "For Exchange and Microsoft 365 hosted accounts, this issue will affect offline search for the data in the locally stored OST files."

Microsoft has reversed a Windows 11 design change that made it highly annoying to change the default browser used by the operating system. Previously, web browsers could configure themselves as the default browser by modifying the Windows Registry.

Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation on vulnerable systems. Tracked as CVE-2021-24084, the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.

The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.The threat actors behind Emotet are now infecting systems by installing malicious packages using a built-in feature of Windows 10 and Windows 11 called App Installer.

Microsoft has addressed a long list of issues and added more Windows 11 start menu customization options with the release of Windows 11 Insider Preview Build 22509 to the Dev Channel. The most critical issues fixed in this new development build led to update and installation problems that blocked Windows 11 users from deploying new builds.

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft's Patch Tuesday updates for November 2021.