Security News

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept tool on December 12. The two vulnerabilities - tracked as CVE-2021-42278 and CVE-2021-42287 - have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the Active Directory Domain Services component.

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. Both vulnerabilities are described as a "Windows Active Directory domain service privilege-escalation" bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.The highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default.

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.Redmond's warning to immediately patch the two bugs - both allowing attackers to impersonate domain controllers - comes after a proof-of-concept tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT paired with a C# keylogger. A stealthy 'file-less' RAT. DarkWatchman is a very light malware, with the JavaScript RAT measuring just 32kb in size and the compiled only taking using 8.5kb of space.

Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library. KnownSec 404 Team's Heige first reported these attacks on Twitter on Monday after observing that the ransomware was dropped on old Windows systems using exploits targeting the flaw tracked as CVE-2021-44228 and known as Log4Shell.

Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team, the malware uses a resilient domain generation algorithm to identify its command-and-control infrastructure and utilizes the Windows Registry for all of its storage operations, thereby enabling it to bypass antimalware engines. The RAT "Utilizes novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities like self-updating and recompilation," researchers Matt Stafford and Sherman Smith said, adding it "Represents an evolution in fileless malware techniques, as it uses the registry for nearly all temporary and permanent storage and therefore never writes anything to disk, allowing it to operate beneath or around the detection threshold of most security tools."

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. It's worth noting that this is in addition to the 21 flaws resolved in the Chromium-based Microsoft Edge browser.

Microsoft is working on making Windows Terminal the default terminal emulator program in Windows 11 instead of the Windows Console Host, starting next year. Unlike the current default app, the Windows Terminal app comes with support for multiple console tabs in a single window and choosing between the cmd shell, PowerShell, and Linux distro shells installed via the Windows Subsystem for Linux.

Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems. The issue only impacts devices where customers installed Windows Server 2019 and Windows Server 2022 security updates issued during last month's Patch Tuesday.