Security News

If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE-listed vulnerabilities. These include two elevation of privilege bugs in Windows Installer, a security bypass in Secure Boot, and an information disclosure vulnerability in Edge and IE. Once again, Remote Desktop was cause for alarm as patches for two remote code execution flaws in the client-side of the administration tool will need to be tested and installed when possible.

Malicious software targeting users of Apple Macs has leapt over the last year, the security outfit said in its latest State of Malware report. Describing this as an "Exponential" increase, the firm said that detections of nasties targeted against innocent Apple fanbois were up 400 per cent year-on-year, while adding the caveat that its Mac userbase had also grown a bit.

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. All supported versions of Microsoft Windows also contain a critical RCE flaw that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. All supported versions of Microsoft Windows also contain a critical RCE flaw that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.

A kernel-level Windows driver for old PC motherboards has been abused by criminals to silently disable antivirus protections, and hold files to ransom. When the ransomware infects a computer - either by some other exploit or by tricking a victim into running it - and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.

A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords."

Specifically, they're updating the Windows kernel in-memory with the Gigabyte driver, according to the research - and the kernel accepts it as a "Patch" thanks to the signed certificate. Once that's loaded, they can then exploit that driver using the known vulnerability in order to load their own, unsigned, malicious driver.

The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control to deliver malware across multiple workstations and endpoints on a network, researchers have discovered. Researchers at Morphisec Labs team said they discovered code last March that uses the Windows 10 WSReset UAC Bypass to circumvent user account control and deliver malware in recent samples of TrickBot, according to a report released last week.

They can still upgrade from Windows 7 to Windows 10 for free, but those who continue to use Windows 7 now that support has ended are simply more vulnerable to security risks. In addition to that, the good news is that some browser and many AV manufacturers will continue to offer Windows 7 support.

Proof-of-concept exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution. Remote Desktop Gateway is a Windows Server component previously known as Terminal Services Gateway.