Security News

Windows 10 KB5041580 update released with 14 fixes, security updates
2024-08-13 17:20

Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. [...]

Microsoft is killing the Windows Paint 3D app after 8 years
2024-08-12 19:18

Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. [...]

Microsoft: Windows 11 22H2 reaches end of support in 60 days
2024-08-10 15:27

Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024. [...]

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
2024-08-08 10:05

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The second vulnerability also concerns a case of privilege escalation in Windows systems that support VBS, effectively allowing an adversary to replace current versions of Windows system files with outdated versions.

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days
2024-08-08 09:53

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process.

Windows Update downgrade attack "unpatches" fully-updated systems
2024-08-07 20:24

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old...

Bad apps bypass Windows security alerts for six years using newly unveiled trick
2024-08-06 14:41

Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows' security warnings, including one in use for six years. The research focused on ways to bypass Windows SmartScreen and Smart App Control, the go-to built-in protections against running potentially nasty software downloaded from the web in Windows 8 and 11 respectively.

Windows Smart App Control, SmartScreen bypass exploited since 2018
2024-08-05 19:50

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...]

Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets
2024-08-05 14:28

Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots. In an alert this month, Fortinet's FortiGuard Labs warned of an uptick in SnakeKeylogger infections.

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
2024-08-05 13:02

Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being run on the system.