Security News

Attackers Actively Target Windows Installer Zero-Day
2021-11-24 14:09

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
2021-11-24 11:28

A local elevation of privilege vulnerability in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was "Not fixed correctly."

Malware now trying to exploit new Windows Installer zero-day
2021-11-23 21:09

Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend. On Sunday, Naceri published a working proof-of-concept exploit for this new zero-day, saying it works on all supported versions of Windows.

Zero-day proof-of-concept exploit lands for Windows make-me-admin vulnerability
2021-11-23 20:21

The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product. To be clear, one does need to be logged into a Windows box to elevate one's privileges, and it looks like Edge also needs to be installed - which is hard to avoid in most modern Windows installations these days.

Windows 11 KB5007262 Cumulative Update Preview Released
2021-11-22 23:49

Microsoft has released the optional KB5007262 Preview cumulative update for Windows 11 with 70 fixes or improvements. This Windows 11 cumulative update is part of Microsoft's November 2021 monthly "C" update, allowing users to test the upcoming updates and fixes in the December 2021 Patch Tuesday.

New Windows zero-day with public exploit lets you become an admin
2021-11-22 22:40

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.

How to download a Windows 10 21H2 ISO from Microsoft
2021-11-21 19:07

Microsoft released Windows 10 21H2, the November 2021 Update, last week and you can now download an ISO image for the new version to put aside for emergencies or clean installs. If you plan on upgrading to the new version of Windows it is always recommended that you download or create an ISO to have on hand for troubleshooting problems or performing clean installs of Windows.

New Windows 11 build fixes Microsoft Installer issue breaking apps
2021-11-19 18:54

Microsoft has fixed a recently confirmed Windows 11 issue in a newly released build for Windows Insiders in the Beta and Release Preview channels. This issue would prevent apps from opening on multiple client and server Windows versions after being repaired or updated using the Windows Installer system tool.

Microsoft: Windows Installer breaks apps after updates, repairs
2021-11-19 11:36

Microsoft has confirmed a new known issue impacting client and server Windows versions that breaks apps after updating or repairing them using the Windows Installer. This issue affects systems where Windows users have installed cumulative updates released during this month's Patch Tuesday.

How to install the OpenSSH server on Windows with PowerShell
2021-11-18 19:54

If you've ever had a need to SSH into a Windows machine, Jack Wallen shows you how to make that possible with the help of PowerShell. I'm going to walk you through the process of installing the OpenSSH Server on Windows 10, configuring it to start at boot, and then show you how to log in from a Linux machine.