Security News

Windows 365 exposes Microsoft Azure credentials in plaintext
2021-08-13 18:24

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. On August 2nd, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser.

Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)
2021-08-13 09:15

A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability. Microsoft says that CVE-2021-36958 is a remote code execution vulnerability that exists when the Windows Print Spooler service improperly performs privileged file operations.

Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities
2021-08-13 01:32

Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will continue to see more widespread adoption and incorporation by various adversaries moving forward," Cisco Talos said in a report published Thursday, corroborating an independent analysis from CrowdStrike, which observed instances of Magniber ransomware infections targeting entities in South Korea.

Windows 11 gets new versions of Snipping Tool, Mail, and Calculator
2021-08-12 17:51

Microsoft is rolling out its first Windows 11 app updates with new versions of the Calculator, Mail and Calendar, and the Snipping Tool apps. "In Windows 11, both the classic Snipping Tool and Snip & Sketch apps have been replaced by a new Snipping Tool app that represents the best experiences of both apps in the next evolution of screen capture for Windows," announced Microsoft in a new blog post.

Ransomware gang uses PrintNightmare to breach Windows servers
2021-08-12 09:03

Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads. PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability
2021-08-11 23:19

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958, the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months.

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability
2021-08-11 23:19

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481.

Microsoft confirms another Windows print spooler zero-day bug
2021-08-11 22:10

Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. This vulnerability is part of a class of bugs known as 'PrintNightmare,' which abuses configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.

Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability
2021-08-10 22:31

Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is a zero-day being actively exploited in the wild. Chief among the patched issues is CVE-2021-36948, an elevation of privilege flaw affecting Windows Update Medic Service - a service that enables remediation and protection of Windows Update components - which could be abused to run malicious programs with escalated permissions.