Security News

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands. Today, we look at the second bug that causes Windows 10 to perform a BSOD crash by merely attempting to open an unusual path.

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands. Today, we look at the second bug that causes Windows 10 to perform a BSOD crash by merely attempting to open an unusual path.

Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw. Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.

Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices. This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.

Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. "DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version.

Now patched, the exploits took advantage of bugs in Windows, Chrome, and older versions of Android though watering hole attacks, says Google. In a series of blog posts published Tuesday, Google revealed that it discovered two malicious servers set to deliver different exploit campaigns through watering hole attacks.

Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Threat Analysis Group uncovered the attacks, which were "Performed by a highly sophisticated actor," Ryan from Project Zero wrote in the first of a six-part blog series on their research.

Microsoft has resolved a known issue that caused the Windows 10 "Reset this PC" feature to fail in some cases, on both client and server platforms. The 'Reset this PC' feature allows Windows 10 customers to reinstall the operating system using either a local recovery image or the latest Windows 10 version available on Microsoft's servers.

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains.