Security News

In a confusing mess, a recent Microsoft Defender update rolled out a new security feature called 'Kernel-mode Hardware-enforced Stack Protection,' while removing the LSA protection feature. A recent Microsoft Defender update has made this feature even more confusing, as after it is installed, the LSA Protection feature is removed and replaced by a new feature called Kernel-mode Hardware-enforced Stack Protection.

Active Directory is at the center of many attacks as it is still the predominant source of identity and access management in the enterprise. Hackers commonly target Active Directory with various attack techniques spanning many attack vectors.

Integrating the Local Administrator Password Solution into Windows and Windows Server that came with updates earlier this week is causing interoperability problems with what's called legacy LAPS, Microsoft says. Redmond touted the LAPS integration in the April 11 KB5025224 and KB5025239 cumulative updates, writing that "Windows LAPS is a huge improvement in virtually every area beyond Legacy LAPS.".

Microsoft is investigating an interoperability bug between the recently added Windows Local Administrator Password Solution feature and legacy LAPS policies. Windows LAPS helps admins manage passwords for local administrator accounts on Azure Active Directory-joined or Windows Server Active Directory-joined devices by automatically rotating and backing them up to AD domain controllers.

Windows 11 is getting a new privacy setting that allows users to control whether applications can detect when actively interacting with the device. The new privacy setting is called 'Presence sensing' and allows you to configure whether applications can use APIs to determine if a user is active or inactive in Windows.

Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing middleware service patched by Microsoft during this month's Patch Tuesday and exposing hundreds of thousands of systems to attacks. MSMQ is available on all Windows operating systems as an optional component that provides apps with network communication capabilities with "Guaranteed message delivery," and it can be enabled via PowerShell or the Control Panel.

Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware. Microsoft, as usual, didn't disclose the extent of attacks against CVE-2023-28252, a privilege elevation bug in the Windows Common Log File System driver, infosec folk say they've spotted attempts to deploy the Nokoyawa ransomware via this security hole.

Microsoft has patched a zero-day vulnerability in the Windows Common Log File System, actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads. In light of its ongoing exploitation, CISA also added the CVE-2023-28252 Windows zero-day to its catalog of Known Exploited Vulnerabilities today, ordering Federal Civilian Executive Branch agencies to secure their systems against it by May 2nd. Tracked as CVE-2023-28252, this CLFS security flaw was discovered by Genwei Jiang of Mandiant and Quan Jin of DBAPPSecurity's WeBin Lab.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Microsoft has released the Windows 10 KB5025221 and KB5025229 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems in the operating system. These updates have been released as part of the mandatory April 2023 Patch Tuesday, which includes security updates for 97 vulnerabilities.