Security News

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Some users running Windows 10 who installed the KB5021233 cumulative update this month are seeing their operating system crash with the Blue Screen of Death, Microsoft is warning. In an entry over the weekend in its Windows Health Dashboard, the company wrote that the update might cause "a mismatch between the file versions of hidparse.sys in c:/windows/system32 and c:/windows/system32/drivers, which might cause signature validation to fail when cleanup occurs."

Microsoft has confirmed that Windows Update won't offer optional updates in December, with the software giant only focusing on security updates due to the holiday season. That means Windows 10 and all supported versions of Windows 11, including Server versions, and even Windows 8, won't get additional updates this month.

Microsoft has confirmed that Windows Update won't offer optional updates in December, with the software giant only focusing on security updates due to the holiday season. That means Windows 10 and all supported versions of Windows 11, including Server versions, and even Windows 8, won't get additional updates this month.

Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability. "After installing updates released September 20, 2022 or later, taskbar elements might flicker and cause system instability," Microsoft said in a new issue added to the Windows health dashboard on Friday.

A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. "Our analysis of the DDoS botnet revealed functionalities specifically designed to target private Minecraft Java servers using crafted packets, most likely as a service sold on forums or darknet sites," explains the new report by Microsoft.

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.

Microsoft has removed a compatibility hold after fixing lower-than-expected performance or stuttering in some games affecting some Windows 11, version 22H2 systems. Compatibility holds are added by Redmond based on diagnostic data and known issues to block Windows upgrades on affected devices.

Microsoft now has an advisory out that's blaming rogue partners. The problem with certified kernel drivers, of course, is because they have to be signed by Microsoft, and because driver signing is compulsory on Windows, it means that if you can get your kernel driver signed, you don't need hacks or vulnerabilities or exploits to be able to load one as part of a cyberattack.

Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers. While analyzing several infected devices on Ukrainian Government networks, Mandiant also spotted scheduled tasks set up in mid-July 2022 and designed to receive commands that would get executed via PowerShell.