Security News
A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "Won't fix." Kerberos has superseded NTLM, the current default auth protocol for domain-connected devices for all Windows 2000 and later.
The bug dates back at least to Windows Server 2012 R2, CyberArk software architect and security champion Gabriel Sztejnworcel wrote, leading the firm to conclude that the latest versions of Windows - including client and server editions - are affected. Sztejnworcel's writeup goes into great detail about how the attack works, but some basics on RDP plumbing include the fact that RDP splits a single connection into multiple logical connections called virtual channels for handling different types of data.
A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein noted in a technical write-up publicizing their findings.
The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back. The most serious issue introduced by these updates is that Windows domain controllers enter a boot loop, with servers getting into an endless cycle of Windows starting and then rebooting after a few minutes.
Microsoft is now rolling out redesigned hardware indicator flyouts that align with Windows 11's design to all Windows Insiders in the Dev Channel. "We have updated the flyout design for the hardware indicators for brightness, volume, camera privacy, camera on/off and airplane mode, to align with Windows 11 design principles," Microsoft's Amanda Langowski and Brandon LeBlanc said.
As you can imagine, some classes of RCE bug are considered much more wormable than others, especially bugs that can be triggered directly via a simple network interaction. HTTP.sys is part of Windows and is available to any program that uses ASP.NET. HTTP.sys works on Windows 7 clients and later.
Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1. After installing yesterday's updates, Windows users find their L2TP VPN connections broken when attempting to connect using the Windows VPN client.
Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. The bug, tracked as CVE-2022-21907 and patched during this month's Patch Tuesday, was discovered in the HTTP Protocol Stack used as a protocol listener for processing HTTP requests by the Windows Internet Information Services web server.
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server. Among the publicly known flaws are a "Critical" RCE in curl and "Important" RCE in libarchive open source libraries, which have now been "Fixed" in Windows 10, 11 and Server with the inclusion of the most recent versions of the libraries.
The new update is now available for Windows 10 version 21H2, version 21H1, and version 20H2 As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5009543 and KB5009545. This month's cumulative updates include security fixes for November 2021 Update, May 2021 Update, October 2020 Update.