Security News

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML, to compromise Windows/Office users in "a limited number of targeted attacks," Microsoft has warned on Tuesday. CVE-2021-40444 is a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said.

Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats. Windows event logs are a ledger of the system's activities, comprising details about applications and user logins.

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale service provider located in the U.S. The attacks, which are believed to have taken place between late June to late July 2021, have been attributed with "Moderate confidence" to a financially motivated threat actor dubbed FIN7, according to researchers from cybersecurity firm Anomali. "The group's goal appears to have been to deliver a variation of a JavaScript backdoor used by FIN7 since at least 2018.".

Windows 11 brings a redesigned user interface and an overhaul to the system sounds, including different sounds for Light Mode and Dark Mode. Unlike all previous versions of Windows, Microsoft also created different versions of the system sounds for Windows 11, depending on whether you are in Light Mode or Dark Mode.

Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents. Security researchers believe that the adversary behind the campaign may be the FIN7 cybercrime group, also known as Carbanak and Navigator, that specializes in stealing payment card data.

Microsoft is turning a blind eye to a loophole that allows you to install Windows 11 on incompatible hardware but warns that your device may no longer receive security updates. These system requirements, including a TPM 2.0 processor and newer CPUs, leave many Windows 10 users unable to upgrade to Windows 11 without purchasing new hardware.

Microsoft accidentally broke the Start menu and taskbar on systems of Windows Insiders after pushing a Teams promo to the desktops of users running Windows 11 preview builds. While the company didn't explain the reason behind Dev and Beta Channel Insiders experiencing Start menu and taskbar unresponsive and having issues accessing other OS areas, including Settings, developer Daniel Aleksandersen discovered that a buggy promo deployment caused the problem.

The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That's according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all referencing "Windows 11 Alpha" - the "Insider Preview" version of the upcoming Windows 11 operating system from Microsoft.

Microsoft has released Windows 11 and Windows 10, version 21H2 feature updates for enterprise testing before their general release later this year. "Organizations enrolled in the Windows Insider Program for Business can access these builds through all standard channels, including Windows Update, Windows Server Update Services, Azure Marketplace, and the Windows Insider Program ISO download page," Microsoft said.