Security News

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw.

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw.

Microsoft Word RCE A Remote Code Execution vulnerability in Microsoft Word is also covered in today's patch release. "We start with CVE-2020-0684, a Remote Code Execution vulnerability that exists in Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way Windows processes.LNK files. In order to exploit this vulnerability an attacker would need to trick a victim into clicking on a.LNK file to a remote share or a removable drive that contained malware."

Automated tools exist to ensure that your Windows servers stay as secure and trouble-free as the day they were set up. Here is a simple set of management principles that are easy to implement at any budget and skill level to help your IT department take hold of its Windows servers and make sure they are managed efficiently and securely, while being optimized to deliver the best performance possible.

Microsoft has released PowerShell 7, the latest major update to its popular task automation tool and configuration management framework that can be used on various operating systems. PowerShell was initially a Windows component, but was open-sourced in 2016 and made available for Windows, macOS and various Linux distributions.

Morphisec combines the anti-virus protection in the new Microsoft OS with its own defenses against malware.

Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. The proportion of Windows devices connected to a network that are vulnerable is far higher, at 45%, it adds.

For the 2020 Webroot Threat Report, researchers analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. Surge in malware targeting Windows 7 93.6 percent of malware seen was unique to a single PC - the highest rate ever observed.

Peripheral devices with unsigned firmware can expose Windows and Linux machines to attacks, allowing hackers to install stealthy and persistent malware, steal valuable information, or take control of a computer. Researchers at firmware security company Eclypsium have discovered that many peripheral device manufacturers have not implemented checks to ensure that the firmware running on their products comes from a trusted source.

Microsoft has decided to remove a couple of Windows security updates that address a UEFI issue after some users complained that the updates caused serious problems. Some users reported that their devices became unusable after trying to install the KB4524244 security update for Windows 10.