Security News

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities-which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. Two of the four flaws can be exploited to gain remote code execution on target systems by sending specially crafted chat messages in group conversations or specific individuals.

Microsoft is making it easier for IT admins to configure baseline security settings for Windows 10 business users. The company has introduced a new, 'streamlined' setup experience that allows admins to apply security settings on an organization-wide scale via the Microsoft 365 Admin Center.

Tech Data announced that it has expanded its Cloud Solution Factory offering with the addition of a new Windows Virtual Desktop on Azure Click-to-Run Solution, which increases remote workforce productivity while ensuring data and applications can be securely accessed from any location using any device. "As a leader in cloud and next-generation solution aggregation, Tech Data makes cloud adoption simple by significantly reducing cloud configuration and deployment processes so that our channel partners can serve their customers more effectively and with fewer risks."

Microsoft this week announced that the Transport Layer Security 1.3 protocol is now enabled by default in Windows 10 Insider Preview builds, and that it will be rolled out to all Windows 10 systems. With TLS 1.0 and TLS 1.1 considered insecure, exposing communications to a variety of attacks, including BEAST, CRIME and POODLE, tech companies such as Cloudflare, Google, Microsoft, Mozilla, and others have long been pushing for the retirement of older protocols and the broad adoption of TLS 1.3.

One new security technology we keep hearing about is Extended Detection and Response. This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control and integration technologies.

During those updates, fixes for the two flaws were issued for Windows 10, Windows 7, Windows Server 2008, 2012, 2016, and 2019; as well as Windows Server. "Microsoft is announcing the availability of security update 4578013 for all supported versions of Microsoft 8.1 and Windows Server 2012 R2," according to Microsoft's Wednesday advisory.

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. A patch for both vulnerabilities was first released on August 11 with the batch of August Patch Tuesday updates, but it was for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems.

Microsoft this week announced the availability of an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 systems to address two elevation of privilege vulnerabilities in Windows Remote Access. At the time, the company patched these issues in Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004.

The actively exploited Windows spoofing vulnerability patched last week by Microsoft has been known for more than two years, researchers pointed out. Microsoft's August 2020 Patch Tuesday updates addressed 120 vulnerabilities, including an Internet Explorer zero-day that has been chained with a Windows flaw in attacks linked to the threat actor named DarkHotel, and a Windows spoofing issue tracked as CVE-2020-1464.

Windows Defender has caused problems for some Citrix customers after deleting two services incorrectly detected as malware. Windows Defender users who installed the update may have had their Citrix Broker and HighAvailability services on Delivery Controllers and Cloud Connectors deleted after they were erroneously detected as a trojan.