Security News

Microsoft is investigating user reports of issues with Remote Desktop on Windows 11 systems after installing the Windows 11 2022 Update. Installing the Windows 11 22H2 feature update will cause Remote Desktop clients not to connect, randomly disconnect, or freeze unexpectedly.

Microsoft says the Windows 11 2022 Update has a new deployment phase as it is now available to all seekers on eligible devices. "We are entering a new phase of the rollout for Windows 11, version 22H2 and we are increasing its availability to all who check for updates on eligible Windows devices," the company says on the Windows Health dashboard.

Microsoft has released the Windows 11 22H2 KB5017389 preview cumulative update with 30 fixes or improvements. This Windows 11 update is part of Microsoft's September 2022 monthly "C" update, allowing users to test upcoming fixes coming in the October 2022 Patch Tuesday.

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Symantec's latest analysis of attacks between February and September 2022, during which the group targeted the governments of two Middle Eastern countries and the stock exchange of an African nation, highlights the use of a new backdoor called Stegmap.

Microsoft is now blocking the Windows 11 22H2 update from being offered because of compatibility issues affecting Windows devices with printers using Microsoft IPP Class Driver or Universal Print Class Driver. "Windows needs connectivity to the printer to identify all the features of the printer. Without connectivity, the printer is set up with default settings and in some scenarios might not get updated once connectivity to the printer is restored," Microsoft explained.

Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo. The group is also considered part of the TA410 operatives, previously linked to attacks against U.S. energy providers.

Microsoft has finally re-added a link to the Task Manager to the taskbar's contextual menu in the latest Windows 11 Insider preview build. "Based on your feedback, we've added a link to Task Manager when right-clicking on the taskbar," Microsoft's Amanda Langowski and Brandon LeBlanc said.

Quantum Builder lets attackers to create malicious Microsoft Windows LNK shortcuts. Quantum Builder has been linked to the advanced persistent threat gang Lazarus Group, based on shared tactics, techniques, and procedures and overlaps in source code, but they can't with any confidence attribute the current campaign to Lazarus or any particular threat group.

A quickly expanding botnet called Chaos is targeting and infecting Windows and Linux devices to use them for cryptomining and launching DDoS attacks. Even though it mainly propagates by attacking devices unpatched against various security vulnerabilities and SSH brute-forcing, Chaos will also use stolen SSH keys to hijack more devices.

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute-forcing SSH private keys, as well as launch DDoS attacks," researchers from Lumen's Black Lotus Labs said in a write-up shared with The Hacker News.