Security News

Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software. A considerable number of Windows 11 and Windows 10 customers have experienced these system freezes, with most linking the issues to Avira.

Microsoft has published a new update for Windows 11 versions 23H2 and 22H2 to fix security vulnerabilities and improve Copilot. Starting with the December patch, you can open Copilot in Windows across multiple displays or where you want Copilot in Windows to appear.

Microsoft has released the KB5033372 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes Copilot for Windows and nineteen other changes to the operating system. KB5033372 is a mandatory Windows 10 cumulative update containing the December 2023 Patch Tuesday security updates.

LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix; device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs.

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.

Microsoft keeps improving and adding more features to the Windows 11 Notepad application, the latest being a built-in character counter. Starting with Notepad version 11.2311.29.0, which is rolling out today to Windows Insiders in the Canary and Dev Channels, Microsoft finally gave in and added a character counter to Notepad's status bar.

Microsoft's Extended Security Updates program doesn't replace all of those options; ESUs just provide the monthly security updates from Windows Update and only cover what Microsoft classifies as critical or important vulnerabilities, which means no fixes for security issues you can mitigate without Microsoft making changes to Windows. What's different this time is that individuals will be able to buy the annual ESU subscription for their Windows 10 PCs. How can I get Extended Security Updates for Windows 10?

Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates, but will have to pay for them. "The ESU program enables PCs to continue to receive critical and important security updates through an annual subscription service after support ends. To be eligible to install updates from the ESU program, devices must be running Windows 10, version 22H2," Microsoft says.

Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence. "While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS date," explained Jason Leznek, a member of Microsoft's Windows Servicing & Delivery team, in an statement.

Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. The upcoming Windows 10 22H2 version is the final Windows release, with all editions to continue to receive monthly security updates until the EOS date.