Security News

The KB5035849 cumulative update released during today's Patch Tuesday fails to install on Windows 10 and Windows Server systems with 0xd0000034 errors. According to a wave of reports from administrators and users, KB5035849 will not install when checking online for updates via Windows and Microsoft update servers.

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.

Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates. You can install the update now by going to Start > Settings > Windows Update and clicking on 'Check for Updates.

Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. Windows 10 users can also manually download and install the KB5035845 update from the Microsoft Update Catalog.

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. "Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 or upgrade to Windows 11 to remain supported."

Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. Titled 'KB5001716: Update for Windows Update Service components,' this update has been pushed out by Microsoft over the years when new functionality needs to be added to Windows Update.

Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. The Windows Subsystem for Android allows users to run native Android apps in a virtualized environment with sound, graphics, and network connectivity. Released in October 2021, WSA quickly became a novelty for allowing users to install apps from the Amazon App Store in Windows 11.

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager authentication hashes to perform account hijacks. NTLM hashes are used in Windows for authentication and session security and can be captured for offline password cracking to obtain the plaintext password.

Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. After receiving the prompts, the users can upgrade to Windows 11 23H2 or keep using Windows 10.

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day.