Security News

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. These critical flaws include a heap-based buffer overflow, out-of-bounds write glitch and two use-after free flaws.

Linux went from 1.14% to 1.65% and Ubuntu now holds a market share of 0.51%. The market share of Windows 7 has also dropped, but many users are still actively using outdated Windows 7, which could be due to its huge number of enterprise users. According to NetMarketShare, Windows 7 saw a drop from 22.77% to 20.41% last month.

Google's Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome.

The Microsoft Tips app has leaked more evidence that Microsoft is working on rounded corners for Windows 10 windows. For some time, Microsoft has been adding rounded corners to dialog boxes in Windows 10 apps such as Photos, Maps, Calculator, and the new Microsoft Edge.

A high-severity Windows driver bug is being exploited in the wild as a zero-day. The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, according to researchers.

Microsoft today reminded customers that some editions of Windows 10, version 1809 will reach its end of service next week. "On November 10, 2020, the Home, Pro, Pro for Workstation, and IoT Core editions of Windows 10, version 1809 will reach end of service," Microsoft explains on the Windows 10 1809 Health Dashboard.

Google researchers have made public a Windows kernel zero day vulnerability that is being exploited in the wild in tandem with a Google Chrome flaw that has been patched on October 20. CVE-2020-17087 is a vulnerability in the Windows Kernel Cryptography Driver, and "Constitutes a locally accessible attack surface that can be exploited for privilege escalation."

Microsoft is investigating a known issue leading to missing system and user certificates after updating certain managed Windows 10 systems using outdated installation media through update management tools, physical media, or ISO images. "System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10," Microsoft explains.

Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.

Open Shell, originally known as Classic Shell, is open-source software that allows you to replace the standard Start Menu on Windows 10 and Windows 8. With Open Shell, you can change the appearance of the Start Menu and replace with the likes of Windows 7.