Security News

Cisco AnyConnect Windows client under active attack
2022-10-26 20:31

Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers. One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges.

Microsoft realizes it hasn't updated list of banned dodgy Windows 10 drivers in years
2022-10-26 18:45

Microsoft appears to have woken up and realized it may have left certain Windows Server and Windows 10 systems exposed to exploitable drivers for years. This month it emerged the list of vulnerable drivers HVCI was supposed to be blocking was wildly out of date on machines running certain pre-Windows 11 operating systems, such as some Windows 10 and Windows Server builds.

Microsoft fixes TLS handshake failures in Windows 11 22H2
2022-10-26 16:54

Microsoft has addressed a known issue that triggers SSL/TLS handshake failures on client and server platforms with the release of the KB5018496 preview cumulative update. [...]

Windows 11 22H2 KB5018496 preview update released with 26 improvements
2022-10-26 16:04

Microsoft has released the Windows 11 22H2 KB5018496 preview cumulative update with twenty-six fixes or improvements, including the roll-out of a feature allowing you to launch Task Manager by right-clicking on the taskbar. Windows users can install the KB5018496 update by going into Settings, clicking on Windows Update, and selecting 'Check for Updates.'

Microsoft fixes Windows vulnerable driver blocklist sync issue
2022-10-26 09:22

Microsoft says it addressed an issue preventing its vulnerable driver blocklist from being synced to systems running older Windows versions. This blocklist is designed to block threat actors from dropping legitimate but vulnerable drivers on targets' systems in Bring Your Own Vulnerable Driver attacks on HVCI-enabled Windows machines or those running Windows in S Mode.

If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender
2022-10-26 04:27

Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog
2022-10-25 12:46

The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol, which enables remote access to event logs. While the former allows "Any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "Filling the hard drive space of any Windows machine on the domain," Dolev Taler said in a report shared with The Hacker News.

Google Chrome to drop support for Windows 7 / 8.1 in Feb 2023
2022-10-24 20:31

Google announced today that the Google Chrome web browser will likely drop support for Windows 7 and 8.1 starting February 2023. After support is discontinued for these two Windows versions, the company says Chrome users must ensure that their devices are running at least Windows 10.

Microsoft fixes printing issue blocking Windows 11 22H2 upgrades
2022-10-24 16:26

Microsoft has fixed a known issue blocking the Windows 11 2022 Update from being offered on systems with printers using Universal Print Class or Microsoft IPP Class drivers because of compatibility issues. In late September, Redmond added a compatibility hold to block Windows 11 22H2 on affected systems because some installed printers might only allow customers to use the default settings with features like color, 2-sided printing, or higher resolutions.

Typosquat campaign mimics 27 brands to push Windows, Android malware
2022-10-23 14:17

A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware. Some of the malicious sites were discovered by cyber-intelligence firm Cyble, which published a report this week focusing on domains mimicking popular Android app stores like Google Play, APKCombo, and APKPure, as well as download portals for PayPal, VidMate, Snapchat, and TikTok.