Security News

It's the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known. CVE-2021-26419: A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE. CVE-2021-31194: An RCE bug in the Microsoft Windows Object Linking and Embedding Automation.

As part of the May Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. The cumulative update with security fixes is rolling out to PCs with October 2020 Update and May 2020 Update.

Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in "Limited attacks targeting Adobe Reader users on Windows." Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affected Adobe Acrobat and Reader on both Windows and MacOS platforms.

VideoLan has released VLC Media Player 3.0.14 to fix an issue affecting Window users and causing the software's auto-updater not to launch the new version's installer automatically. "VLC users on Windows might encounter issues when trying to auto update VLC from version 3.0.12 and 3.0.13," VideoLan explained.

Researchers at anti-malware vendor Kaspersky are documenting a previously unknown Windows rootkit being used in the toolkit of an APT actor currently targeting diplomatic entities in Asia and Africa. Dubbed Moriya, the rootkit provides the threat actor with the ability to intercept network traffic and hide commands sent to the infected machines, thus allowing the attackers to stay hidden within the compromised networks for months.

Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports. RDP needs to be well protected, and direct access should never be provided to an RDP server.

The Windows 10 Notepad will soon include a built-in notification that alerts users when a new version is available. Finally, in March 2021, Microsoft announced with the release of Windows Insider build 21337 that Notepad is becoming an inbox app, which is updateable via the Microsoft Store outside regular Windows 10 updates.

Windows 10's built-in antivirus tool Microsoft Defender uses threat signatures, behavioral detection, and machine learning models to automatically detect and block suspicious files, folders, and processes. Microsoft allows you to exclude files and folders, so they are not scanned by Microsoft Defender.

Microsoft has pulled an AMD driver from Windows Update after numerous people reported that it prevents Windows 10 from starting and displays an "INACCESSIBLE BOOT DEVICE" error. When hardware manufacturers release new drivers for Windows 10, they get added to the Windows Update as an optional driver update that users can install.

To make it easier to listen to Spotify playlists, you can use the Xbox Gamebar and its Spotify widget to control your music playback without ever leaving your game. Before you get started, you will need to download and install the Spotify desktop app or the Windows 10 Spotify app.