Security News
Microsoft says Windows domain join processes may fail with "0xaac" errors after applying this month's security updates. The issue stems from hardening changes introduced when addressing CVE-2022-38042, an elevation of privilege vulnerability in Active Directory Domain Services that would allow attackers to gain domain administrator privileges.
Microsoft is investigating a known issue causing OneDrive and OneDrive for Business crashes on Windows 10 systems where customers have installed updates released earlier this month. "After installing KB5018410 or later updates, OneDrive might unexpectedly close," the company explained in a Windows health dashboard update.
Microsoft has released the optional KB5018482 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. [...]
Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers. One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges.
Microsoft appears to have woken up and realized it may have left certain Windows Server and Windows 10 systems exposed to exploitable drivers for years. This month it emerged the list of vulnerable drivers HVCI was supposed to be blocking was wildly out of date on machines running certain pre-Windows 11 operating systems, such as some Windows 10 and Windows Server builds.
Microsoft has addressed a known issue that triggers SSL/TLS handshake failures on client and server platforms with the release of the KB5018496 preview cumulative update. [...]
Microsoft has released the Windows 11 22H2 KB5018496 preview cumulative update with twenty-six fixes or improvements, including the roll-out of a feature allowing you to launch Task Manager by right-clicking on the taskbar. Windows users can install the KB5018496 update by going into Settings, clicking on Windows Update, and selecting 'Check for Updates.'
Microsoft says it addressed an issue preventing its vulnerable driver blocklist from being synced to systems running older Windows versions. This blocklist is designed to block threat actors from dropping legitimate but vulnerable drivers on targets' systems in Bring Your Own Vulnerable Driver attacks on HVCI-enabled Windows machines or those running Windows in S Mode.
Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.
The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol, which enables remote access to event logs. While the former allows "Any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "Filling the hard drive space of any Windows machine on the domain," Dolev Taler said in a report shared with The Hacker News.