Security News

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.

Microsoft will continue to release Windows 10 feature updates, such as Windows 10 21H2, through October 2025 to allow businesses and consumers time to switch to Windows 11. As most of the development for new features is going into Windows 11, Microsoft will be releasing limited features for Windows 10 going forward.

Microsoft has warned of yet another vulnerability that's been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The company released the advisory late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as CVE-2021-34481.

Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight. Microsoft released an advisory Thursday night for a new CVE-2021-34481 elevation of privilege vulnerability in the Windows Print Spooler that Dragos security researcher Jacob Baines discovered.

Microsoft will continue to release Windows 10 feature updates, such as Windows 10 21H2, through October 2025 to allow businesses and consumers time to switch to Windows 11. As most of the development for new features is going into Windows 11, Microsoft will be releasing limited features for Windows 10 going forward.

71 is now live in the Dev Channel of the Windows Insider program and it comes with visual improvements for the context menu and various right-click menus. As part of the latest update, Microsoft is refreshing the right-click menu within File Explorer and other apps with Fluent Design acrylic effect.

Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. This vulnerability is tracked as CVE-2021-34527 and is a missing permission check in the Windows Print Spooler that allows for installing malicious print drivers to achieve remote code execution or local privilege escalation on vulnerable systems.

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.

Microsoft has reminded Windows Server 2012 and SQL Server 2012 users that the products will reach their extended support end dates during the next two years, urging them to update to avoid security and compliance gaps. Even though Windows Server 2012 has reached its mainstream support end date in September 2018, the end date for extended support was pushed back five years for this exact reason: to allow organizations to migrate to newer, under-support Windows Server versions.

Microsoft has addressed the Windows 10 printing issues caused by changes introduced in the June 2021 cumulative update preview with an update issued during this month's Patch Tuesday. To resolve the printing issues, Microsoft released an emergency fix for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1 on July 9, rolling it out via the Known Issue Rollback feature.