Security News

Today's Windows 11 update includes several security improvements, including a new passkeys management dashboard designed to help users go passwordless more easily and tools to reduce the attack surface. The passkeys management dashboard was first introduced in June with the Windows 11 Preview Build 23486 release pushed to Insiders in the Dev Channel.

Microsoft will start rolling out its Copilot digital assistant to all customers next week, on September 26th, together with a host of new AI-powered capabilities as part of a new Windows 11 22H2...

Microsoft has released Windows Subsystem for Linux 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup. This WSL update introduces "Mirrored mode networking," a new networking mode that not only brings new capabilities but also enhances network compatibility.

Three high-severity Kubernetes vulnerabilities could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. "The Kubernetes framework uses YAML files for basically everything - from configuring the Container Network Interface to pod management and even secret handling," Peled explained.

Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide. BleepingComputer can confirm Bing Chat is not working in Asia and United States.

Microsoft has added text recognition support to the latest Snipping Tool build, allowing users to select and copy text from screenshots. Named Text Actions, the feature is available starting with Snipping Tool version 11.2308.33.0, as Dave Grochocki, Principal Product Manager Lead for Windows Inbox Apps, explained.

Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code. The exploit code was released by Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and received $5,000 for the bug.

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges.Tracked as CVE-2023-27470, the issue relates to a Time-of-Check to Time-of-Use race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows system.

Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks. This will modify the legacy approach where Kerberos and NTLM authentication negotiations with destination servers would be powered by Windows SPNEGO. When connecting to a remote SMB share, Windows will try to negotiate authentication with the remote computer by performing an NTLM challenge response.

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.