Security News

Windows 10 KB5004296 Cumulative Update released with gaming fixes
2021-07-29 21:30

Microsoft has released the optional KB5004296 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes Windows 10 gaming issues that have been plaguing users since March. Windows users can install this update by going into Settings, clicking on Windows Update, and selecting 'Check for Updates'.

Windows 11 closer to release, latest build enters Beta Channel
2021-07-29 17:59

Microsoft today announced that Windows 11 is getting more stable and closer to release, with the latest Insider build being promoted to the Beta Channel. "If you are in the Dev Channel, now would be the right time to consider switching to the Beta Channel if you want to stay on more stabilized builds of Windows 11," the Windows Insider team said.

LockBit ransomware now encrypts Windows domains using group policies
2021-07-27 21:10

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. After ransomware topics were banned on hacking forums [1, 2], LockBit began promoting the new LockBit 2.0 ransomware-as-a-service operation on their data leak site.

LockBit ransomware automates Windows domain encryption via group policies
2021-07-27 21:10

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. After ransomware topics were banned on hacking forums [1, 2], LockBit began promoting the new LockBit 2.0 ransomware-as-a-service operation on their data leak site.

New Windows 10 KB5005394 emergency update fixes printing issues
2021-07-27 18:01

Microsoft has released a cumulative out-of-band update to fix a known printing issue preventing some printers and scanners from working correctly. "Noncompliant printers, scanners, and multifunction devices might not work when you use smart card authentication. This issue occurs after you install the July 13, 2021 update on domain controllers in your environment."

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers
2021-07-27 14:09

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to capture NTLM credentials and certificates.

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
2021-07-26 22:19

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. Specifically, the attack uses the MS-EFSRPC interface to make a domain controller authenticate against a remote NTLM relay under a bad actor's control and share its authentication information.

You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick
2021-07-26 20:31

Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC to force a device, including Windows domain controllers, to authenticate with a remote attacker-controlled NTLM relay. "PetitPotam takes advantage of servers," said Microsoft, "where the Active Directory Certificate Services is not configured with protections for NTLM Relay Attacks."

Windows “PetitPotam” network attack – how to protect against it
2021-07-26 18:10

The hack, which he has dubbed PetitPotam, involves what's known as an NTLM relay attack, which is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system. Microsoft has been advising everyone to avoid NTLM, short for NT LAN Manager, for more than a decade, because it doesn't meet modern cryptographic security standards.

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains
2021-07-26 11:14

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.