Security News

Microsoft reminded customers that all editions of Windows 10, version 21H1, would reach the end of servicing on December 13, 2022. Microsoft said in an update to the Windows health dashboard that systems running Windows 10 21H1 will no longer receive security updates.

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs,...

Microsoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," he tweeted on July 21st. "This technique is very commonly used in Human Operated Ransomware and other attacks - this control will make brute forcing much harder which is awesome!".

October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has been found being exploited in the wild.CVE-2022-41033 is an elevation of privilege vulnerability in the Windows COM+ Event System Service, which automatically distributs events to Component Object Model components.

Microsoft has released the Windows 11 22H2 KB5018427 cumulative update with security updates and thirty improvements and bug fixes. KB5018427 is a mandatory cumulative update containing the October 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Microsoft has released the Windows 10 KB5018410 and KB5018419 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve twenty bugs and performance issues. This update is not available for Windows 10 1909 or Windows 10 2004.

Microsoft is now blocking the Windows 11 22H2 update from being offered on some systems because signing in using Windows Hello might not work after upgrading. As the company explains, customers will experience problems signing in via Windows Hello after installing the Windows 11 2022 Update only on devices that also use Enhanced Sign-in Security.

Microsoft has confirmed a new known issue causing customers to experience a significant performance hit when copying large files over SMB after installing the Windows 11 22H2 update. "There is a performance reduction in 22H2 when copying larger files from a remote computer down to a Windows 11 computer or when copying files on a local drive," explained Ned Pyle, Principal Program Manager in the Windows Server engineering group.

In yet another case of bring your own vulnerable driver attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical write-up.

Microsoft says the Windows 11 2022 Update is breaking provisioning, leaving Windows 11 enterprise endpoints partially configured and failing to finish installing. "Using provisioning packages on Windows 11, version 22H2 might not work as expected," Redmond explained.