Security News

Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft. The security bug tracked as CVE-2020-17049 and patched by Microsoft during November 2020's Patch Tuesday can be exploited in what the researcher has named as Kerberos Bronze Bit attacks.

Cisco has addressed a new critical severity remote code execution vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. Cisco released security updates in September to address a critical RCE security vulnerability tracked as CVE-2020-3495 stemming from a Cross-Site Scripting bug in Cisco Jabber.

A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shutdown and it automatically removes any traces when the system restarts or wakes up from sleep. Starting with November 24, when Binary Defense threat researcher James Quinn says that the new Qbot version was spotted, the malware is using a newer and stealthier persistence mechanism that takes advantage of system shutdown and resume messages to toggle persistence on infected devices.

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout. The vulnerability impacts only Windows server platforms from Windows Server 2012 up to the latest version Windows Server, version 20H2. Microsoft's security advisory says that there is no evidence of active exploitation of this security bug in the wild or of publicly available CVE-2020-16996 exploit code.

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. The fixes for December concern a number of remote code execution flaws in Microsoft Exchange, SharePoint, Excel, and Hyper-V virtualization software, as well as a patch for a security feature bypass in Kerberos, and a number of privilege escalation flaws in Windows Backup Engine and Windows Cloud Files Mini Filter Driver.

Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. This month's Adobe patch roundup included a critical cross-site scripting vulnerability in Adobe Experience Manager, the company's content-management solution for building websites, mobile apps and forms.

The first batch of security updates or 'B' updates for the month of 'December 2020' is now available for all supported versions of Windows 10 including version 20H2. If you want to grab these updates, check for updates in the Settings and the update will begin installing. Below is the list of all new updates for Windows 10.

Microsoft Azure CTO Mark Russinovich utilized a monster 420 logical processor virtual machine to play Tetris using the CPU core list in Windows Task Manager. To do this, Russinovich redirected the output of a console Tetris implementation to his 'Task Manager CPU pixel array,' which is likely based on a modified version of TaskManagerBitmap project.

Security bugs found in the PlayStation Now cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. PlayStation addressed the bug and tagged the bug report as 'Resolved' one month later, on June 25th, 2020.

Microsoft's digital assistant Cortana was first unveiled with Windows Phones and it is now included in all versions of Windows 10. Cortana is evolving, and it's here to stay, but it's no secret that many users aren't really big fans of Cortana after consumer-centric features were removed in May 2020 Update.