Security News

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol. Zerologon is a critical flaw that enables attackers to elevate privileges to a domain admin, thus allowing them to take full control over the entire domain, to change any user's password, and to execute any arbitrary command.

Microsoft has released the KB4580364 non-security update that fixes bugs causing responsiveness issues on affected Windows 10 2004 devices. Windows 10 users who install the KB4580364 release preview update might experience issues with input, might not be able to enter text, or receive unexpected results if using the Microsoft Input Method Editor for Japanese or Chinese languages.

More than 100,000 Windows systems have not yet been updated to protect against a previously-patched, critical and wormable flaw in Windows called SMBGhost. Microsoft patched the remote code-execution flaw bug tracked as CVE-2020-0796 back in March; it affects Windows 10 and Windows Server 2019, and ranks 10 out of 10 on the CVSS scale.

The Microsoft Defender Advanced Threat Protection endpoint security platform now provides users with a new report designed to help them keep track of vulnerable Windows and macOS devices within their organization's environment. The vulnerable devices report displays graphs with statistics and details on currently vulnerable device trends with the end goal of making it easier for IT administrators to grasp the scope and breadth of device exposure within the organization.

Microsoft has released the KB4577586 update to remove Adobe Flash from Windows and prevents it from being installed again. In September 2020, Microsoft announced that an optional update would be released in the fall to uninstall Adobe Flash Player and prevent it from being installed again on the same device.

Mozilla today started rolling out Firefox 82.0.1, a new version that fixes a known bug where the Windows installer displays unnecessary reboot prompts on some systems after it finishes the installation. "This would affect anyone running a full installer[.], provided they have at least one other Firefox installation in a directory other than the one that they just installed into," Mozilla engineer Molly Howell explained on the company's bug tracker.

Microsoft is currently throttling Windows 10, version 20H2 availability to provide all users who want to upgrade with a positive experience while downloading and upgrading the OS. After Windows 10 20H2 was released on October 20, it immediately started rolling out to users who manually check for updates via Windows Update on devices running Windows 10 1903 or later. According to Microsoft's 20H2 feature update support page, customers need to have the Windows 10 2004 Servicing Stack Update and KB4579311 or later installed before upgrading.

With the release of Windows 10 20H2, Microsoft is now preventing access to the venerable SYSTEM control panel and is instead redirecting users to the newly updated 'About' settings page. The SYSTEM control panel was first introduced in Windows NT 3.51 and Windows 95 and provides information about the installed version of Windows, the bit-type of the operating system, the computer name, workgroup, CPU, and memory.

During a Windows Insider webcast, Microsoft teased its vision for a new Windows 10 Start Menu that features partially transparent theme-aware tiles to showcase the new Fluent-based colorful icons. Starting with Windows 10 version 20H2, which is now rolling out to seekers, Start Menu finally uses the theme-aware tiles.

Microsoft is investigating errors and issues affecting Windows 10 devices with certain versions of Conexant or Synaptics audio device drivers, Microsoft IME, and third-party drivers. Microsoft is currently rolling out Windows 10 20H2 to all seekers who check for updates via Settings on devices running Windows 10 1903 or later.