Security News

A sad-faced Microsoft engineer has had to reset the "Days since we last shot ourselves in the foot" counter at the company's HQ after a security update broke Microsoft Defender for Endpoint on Windows Server Core. The latter included the LTSC editions of Windows 10. As Microsoft pointed out, only devices with a Windows Server Core installation were affected.

Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems. The enterprise endpoint security platform might fail to start or run on devices with a Windows Server Core installation.

Microsoft has released the optional KB5007253 Preview cumulative update for Windows 10 2004, Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. Microsoft claims this update fixes network printing issues causing 0x000006e4, 0x0000007c, or 0x00000709 error codes to be displayed. The KB5007253 cumulative update preview is part of Microsoft's September 2021 monthly "C" update, allowing admins to test fixes coming as part of the December 2021 Patch Tuesday.

A new stealthy JavaScript loader named RATDispenser is being used to infect devices with a variety of remote access trojans in phishing attacks. Once launched, the loader will write a VBScript file to the %TEMP% folder, which is then executed to download the malware payload. These layers of obfuscation help the malware evade detection 89% of the time, based on VirusTotal scan results.

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.

A local elevation of privilege vulnerability in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was "Not fixed correctly."

Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend. On Sunday, Naceri published a working proof-of-concept exploit for this new zero-day, saying it works on all supported versions of Windows.

The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product. To be clear, one does need to be logged into a Windows box to elevate one's privileges, and it looks like Edge also needs to be installed - which is hard to avoid in most modern Windows installations these days.

Microsoft has released the optional KB5007262 Preview cumulative update for Windows 11 with 70 fixes or improvements. This Windows 11 cumulative update is part of Microsoft's November 2021 monthly "C" update, allowing users to test the upcoming updates and fixes in the December 2021 Patch Tuesday.

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.