Security News

Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. KB5035942 will toggle new features in the Windows 11 'Moment 5' update for all users by default, including new Windows Copilot skills and plugins, more content on the Windows lock screen, AI-powered Clipchamp and Photos features, intelligent Snap suggestions, new Windows 365 Boot enterprise features, and improved voice access.

Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. As with all new Windows 10 updates, this is primarily a maintenance release, with most fixes in this update relating to enterprise services, such as Azure, Remote Desktop, and Windows Hello for Business.

ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security...

Microsoft has released emergency out-of-band updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. If you installed previous Windows Server updates, only the new updates in these packages will be downloaded and installed.

Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. Windows Notepad languished without new features for years while more modern text editors, like Notepad2 and Notepad++, were developed and released.

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. The known issue impacts all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7. Rapid7 isn't sure how the gang distributes its latest attack, but is confident the payload includes poisoned Microsoft Compiled HTML Help files along with ISO, VHD, ZIP and RAR files.

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. Affected servers are freezing and rebooting because of a Local Security Authority Subsystem Service process memory leak introduced with the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022.

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor.