Security News

Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows. While it is not believed to have been exploited in the wild, Microsoft initially released the security update with the fix disabled, warning that it could cause breaking changes in the operating system.

Microsoft has released the Windows 11 22H2 KB5029263 cumulative update to fix security vulnerabilities and introduce 27 changes, improvements, and bug fixes. KB5029263 is a mandatory Windows 11 cumulative update containing the August 2023 Patch Tuesday security updates that fix 87 vulnerabilities and two zero-days in various Microsoft products.

Microsoft has released Windows 10 KB5029244 and KB5028168 cumulative updates for versions 22H2, 21H2, and 1809 to fix problems and add new features to the operating system. You can install today's update now by going to Settings, clicking on Windows Update, and selecting 'Check for Updates.

With the introduction of Windows 11 23H2, Microsoft has modernized File Explorer on Windows 11, bringing a fresher look and feel to the system's integral file management tool. Among the new enhancements, the redesigned File Explorer now features a modern home page powered by WinUI, which integrates the Fluent Design System into all controls and styles.

Microsoft has accidentally revealed an internal 'StagingTool' utility that can be used to enable hidden features, or Moments, in Windows 11. As first discovered by Windows sleuth XenoPanther, Microsoft has a utility for enabling hidden development features in Windows 11 called 'StagingTool'.

Microsoft has officially begun killing off Cortana as the company moves its focus towards integrating ChatGPT and AI into Windows 11. [...]

Microsoft is investigating an issue causing Outlook Desktop to unexpectedly ask users to restore windows closed during a previous session. [...]

Microsoft fixed a known issue impacting WSUS servers upgraded to Windows Server 2022, causing them not to push Windows 11 22H2 updates to enterprise endpoints. This issue only affects WSUS servers running Windows Server 2022, specifically, those upgraded from Windows Server 2016 or Windows Server 2019.

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the "Search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom local searches on a device, and the "Search:" application protocol, a mechanism for calling the desktop search application on Windows. It's worth noting that clicking on the link also generates a warning "Open Windows Explorer?," approving which "The search results of remotely hosted malicious shortcut files are displayed in Windows Explorer disguised as PDFs or other trusted icons, just like local search results," the researchers explained.

Microsoft has released the July 2023 optional cumulative update for Windows 11, version 22H2, with fixes for 27 issues, including ones affecting VPN performance and display or audio devices. [...]