Security News
A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers. The update did add a new Registry key that admins could use to increase the RPC authentication level used for network printing to mitigate the vulnerability.
For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Current users of Windows 10 who plan to update their operating systems to Windows 11 when it is released in October 2021 will first have to meet several non-negotiable and stringent prerequisites.
Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. "Microsoft recognizes that the user experience when running the Windows 11 in virtualized environments may vary from the experience when running non-virtualized. So, while Microsoft recommends that all virtualized instances of the Windows 11 follow the same minimum hardware requirements as described in Section 1.2, the Windows 11 does not apply the hardware-compliance check for virtualized instances either during setup or upgrade," explains Microsoft in their Windows 11 minimum hardware requirements document.
Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem for Linux to install unwelcome payloads. On Thursday, Black Lotus Labs, the threat research group at networking biz Lumen Technologies, said it had spotted several malicious Python files compiled in the Linux binary format ELF for Debian Linux.
A number of malicious samples have been created for the Windows Subsystem for Linux with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. "These files acted as loaders running a payload that was either embedded within the sample or retrieved from a remote server and was then injected into a running process using Windows API calls," researchers from Lumen Black Lotus Labs said in a report published on Thursday.
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders," Microsoft Threat Intelligence Center said in a technical write-up.
Microsoft today started rolling out Office LTSC for Windows and macOS, the non-subscription Office version for commercial and government customers. Office LTSC 2021 is specifically designed for organizations running regulated devices where feature updates can't be installed for years at a time, for devices without internet connections, as well as specialty systems that require a long-term servicing channel.
Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux, indicating that hackers are trying out new methods to compromise Windows machines. The next step is to inject the malware into a running process using Windows API calls, a technique that is neither new nor sophisticated.
Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates. Many Windows system administrators are now reporting [1, 2] that their computers can no longer print to network printers after installing the PrintNightmare fixes on their print servers.
Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. In-the-wild exploitation of this vulnerability began on August 18 according to the company, more than two weeks before Microsoft published a security advisory with a partial workaround.