Security News

Microsoft is relaxing its app store policies for Windows and the redesigned marketplace will meet the needs of customers and developers across a variety of app experiences. With Windows 11, Microsoft has opened up its store to developers using different types of frameworks, packaging technologies, and commerce platforms.

Commercially developed FinFisher malware now can infect Windows devices using a UEFI bootkit that it injects in the Windows Boot Manager. "During our research, we found a UEFI bootkit that was loading FinSpy. All machines infected with the UEFI bootkit had the Windows Boot Manager replaced with a malicious one," Kasperksy researchers revealed today.

A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. When Windows 11 was first announced, Microsoft released the operating system's new system requirements, which included a TPM 2.0 security processor, Secure Boot, newer CPUs, and at least 64 GB of hard drive space.

Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services servers. The malware, dubbed by Microsoft Threat Intelligence Center researchers FoggyWeb, is a "Passive and highly targeted" backdoor that abuses the Security Assertion Markup Language token.

In addition to these design overhauls, Windows 11 also comes with a new File Explorer and Settings app. File Explorer is getting a new header menu, modern context menu and minor improvements.

Microsoft has released an emergency fix for freezing and crashing app issues caused by September's KB5005565 and KB5005101 cumulative updates. With the release of the Windows 10 KB5005101 preview update and the KB5005565 cumulative update, Microsoft states that users may have experienced app freezes, app crashes, and the inability to launch an application.

Security researchers have found a flaw in the Microsoft Windows Platform Binary Table that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012. WPBT is a fixed firmware ACPI table introduced by Microsoft starting with Windows 8 to allow vendors to execute programs every time a device boots.

Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code - which is used in a number of security scanning products," Google Threat Analysis Group's Neel Mehta said in a write-up published on Thursday.

Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium said in a report published on Monday.

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text that are being transferred over the wire," Guardicore's Amit Serper said in a technical report.