Security News

Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. Roughly a month ago, Google Threat Analysis Group security researcher Neel Mehta discovered that the developers of an unwanted software known as OpenSUpdater started signing their samples with legitimate but intentionally malformed certificates, accepted by Windows but rejected by OpenSSL. By breaking certificate parsing for OpenSSL, the malicious samples would not be detected by some security solutions that use OpenSSL-powered detection rules and allowed to perform their malicious tasks on victims' PCs. "Since mid-August, OpenSUpdater samples have carried an invalid signature, and further investigation showed this was a deliberate attempt to evade detection," Mehta said.

Surface Duo 2 is based on the original Surface Duo, but this new model pushes the boundaries of what a mobile device could be. With Surface Duo 2, Microsoft is introducing a new camera and gaming experience, and editing controls for creators.

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.

Microsoft has released an updated PC Health Check tool that provides detailed information about whether a device's hardware is compatible with Windows 11. "Based on the feedback so far, we acknowledge that it was not fully prepared to share the level of detail or accuracy you expected from us on why a Windows 10 PC doesn't meet upgrade requirements," explained Microsoft in a blog post.

Microsoft's Patch Tuesday update last week was meant to fix print vulnerabilities in Windows but also broke network printing for many, with some admins disabling security or removing the patch to get it working. Microsoft's fix was in two phases, first to add a registry setting to increase the authorization level for remote access to printers and second, to inform admins that "The release transitions into the enforcement phase on September 14, 2021. Enforcement phase enforces the changes to address CVE-2021-1678 by increasing the authorization level without having to set the registry value." That September date was "Patch Tuesday" last week - though some admins were already having issues with network printing caused by Microsoft's other mitigation efforts.

A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers. It did add a new Registry key that admins could use to increase the RPC authentication level used for network printing to mitigate the vulnerability.

For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Current users of Windows 10 who plan to update their operating systems to Windows 11 when it is released in October 2021 will first have to meet several non-negotiable and stringent prerequisites.

Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. "Microsoft recognizes that the user experience when running the Windows 11 in virtualized environments may vary from the experience when running non-virtualized. So, while Microsoft recommends that all virtualized instances of the Windows 11 follow the same minimum hardware requirements as described in Section 1.2, the Windows 11 does not apply the hardware-compliance check for virtualized instances either during setup or upgrade," explains Microsoft in their Windows 11 minimum hardware requirements document.

Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem for Linux to install unwelcome payloads. On Thursday, Black Lotus Labs, the threat research group at networking biz Lumen Technologies, said it had spotted several malicious Python files compiled in the Linux binary format ELF for Debian Linux.

A number of malicious samples have been created for the Windows Subsystem for Linux with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. "These files acted as loaders running a payload that was either embedded within the sample or retrieved from a remote server and was then injected into a running process using Windows API calls," researchers from Lumen Black Lotus Labs said in a report published on Thursday.