Security News

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
2023-03-27 09:48

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. "If you take a screenshot of your bank statement, save it to your desktop, and crop out your account number before saving it to the same location, the cropped image could still contain your account number in a hidden format that could be recovered by someone who has access to the complete image file," Microsoft explains.

Microsoft pushes OOB security updates for Windows Snipping tool flaw
2023-03-25 17:54

Microsoft released an emergency security update for the Windows 10 and Windows 11 Snipping tool to fix the Acropalypse privacy vulnerability. With this bug, both the Google Pixel's Markup Tool and the Windows Snipping Tool were found to be leaving the cropped data within the original file.

Windows, Ubuntu, and VMware Workstation hacked on last day of Pwn2Own
2023-03-24 22:54

On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. The highlight of the day was the Ubuntu Desktop operating system getting hacked three times by three different teams, although one of the attempts was a collision, with the exploit being previously known.

Windows 11 gets phishing protection boost and SHA-3 support
2023-03-23 17:57

Microsoft announced that the new Windows 11 build rolling out to Insiders in the Canary channel comes with increased protection against phishing attacks and support for SHA-3 cryptographic hash functions. Enhanced Phishing Protection is a Defender SmartScreen feature introduced with the release of Windows 11 22H2 in September 2022 and is designed to protect user credentials against phishing attacks.

Microsoft fixes Acropalypse privacy bug in Windows 11 Snipping Tool
2023-03-23 17:23

Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed 'Acropalypse' privacy flaw that allows the partial restoration of cropped images. As first spotted by Windows enthusiast Xeno, Microsoft released Windows 11 Snipping Tool version 11.2302.20.0 yesterday to Windows Insiders in the Canary channel via the Microsoft Store.

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023
2023-03-22 23:53

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The STAR Labs team demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Windows 11 also vulnerable to “aCropalypse” image data leakage
2023-03-22 19:59

The new, smaller, image file would be written over the start of the old one, but the file size would remain the same and the now-redundant data at the end of the original file would stay where it was. If you sent that file to someone else and they opened it with a conventional image viewing or editing tool, their software would read the file until it reached a data chunk that said, "That's it; you can stop now and ignore any trailing data in the file."

Microsoft adding a USB4 troubleshooting page to Windows 11
2023-03-22 17:56

Microsoft has released a new Windows 11 preview build that adds a new dedicated USB4 settings page and support for displaying seconds in the system tray clock. "We are adding a USB4 hubs and devices Settings page for users under Settings > Bluetooth & devices > USB > USB4 Hubs and Devices," said Microsoft's Amanda Langowski and Brandon LeBlanc.

Windows 10 KB5023773 preview update released with 10 fixes
2023-03-21 22:25

Microsoft has released the optional KB5023773 Preview cumulative update for Windows 10 20H2, Windows 10 21H2, and Windows 10 22H2, with ten fixes for various issues. The KB5023773 cumulative update preview is part of Microsoft's March 2023 monthly "C" update, allowing admins to test upcoming fixes released in the April 2023 Patch Tuesday.

Microsoft: Defender update behind Windows LSA protection warnings
2023-03-21 22:02

Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority Protection is off. LSA Protection is a security feature that defends sensitive information like credentials from theft by blocking untrusted LSA code injection and process memory dumping.