Security News

An update to the Insiders version of Windows 11 includes a massive list of bug fixes, many of them serious, showing the wisdom of holding back on an early upgrade from Windows 10. Windows 11 was released on 5 October but has proved a problematic upgrade due to onerous system requirements and certain user interface decisions, with some features chopped in the Start menu and a confusing new right-click menu in File Explorer.

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers running supported versions of Windows Server. These issues affect systems running Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. The emergency updates address "a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self," a Microsoft announcement explained on Sunday.

Microsoft has fixed a long list of issues impacting Windows 11 in a newly released build for Windows Insiders in the Beta and Release Preview Channels. Another printing issue fixed in today's Windows 11 preview build caused 0x000006e4, 0x0000007c, and 0x00000709 error codes when connecting to remote printers shared on Windows print servers.

A partially unpatched security bug in Windows that could allow local privilege escalation from a regular user to System remains unaddressed fully by Microsoft - but an unofficial micropatch from oPatch has hit the scene. "The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user's original profile folder is damaged or locked for some reason," explained 0Patch's Mitja Kolsek in a Thursday writeup.

A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions. The bad news is that it impacts fully-updated devices running all Windows versions, including Windows 10, Windows 11, and Windows Server 2022.

Microsoft has started rolling out Windows 11's new Microsoft Store to Windows 10, allowing users a greater option of apps for users to install. With Windows 11, Microsoft introduced a redesigned Microsoft Store with a modern design and a more open ecosystem.

The TrickBot gang operators are now abusing the Windows 10 App Installer to deploy their BazarLoader malware on the systems of targets who fall victim to a highly targeted spam campaign. When clicking the button, the browser will first show a warning asking the victim if they want to allow the site to open App Installer.

A Windows security update released in October caused widespread Windows 10 and Windows 11 issues where users experience 0x0000007c errors when adding or printing to network printers. Once again, these fixes caused a wide range of network printing problems, where Windows users started receiving 0x00000709 and 0x0000007c errors when attempting to print.

AMD has fixed a long list of security vulnerabilities found in its graphics driver for Windows 10 devices, allowing attackers to execute arbitrary code and elevate privileges on vulnerable systems. "In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory," AMD explained.

Microsoft says users might experience authentication issues on Domain Controllers running Windows Server. These authentication issues impact systems running Windows Server 2019 and lower versions with certain Kerberos delegation scenarios.