Security News

Microsoft has released the February 2023 optional cumulative updates for all editions of Windows 11 22H2 and all supported Windows 10 versions. The KB5022905 Windows 11 non-security release comes with 13 bug fixes and enhancements, including an advanced auto-learning feature for facial recognition and fixing an IE mode issue where the text on the status bar is not always visible.

VMware has released a vSphere ESXi update that addresses a known issue causing some Windows Server 2022 virtual machines to no longer boot after installing this month's KB5022842 update. Microsoft first acknowledged the issue on Thursday when the company said it only impacts VMs with Secure Boot enabled and running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x. Although Redmond says that only VMware ESXi VMs are affected, some Windows admin reports hint at other hypervisor platforms being impacted by similar boot problems after deploying this month's updates.

Microsoft will soon add a new way to end unresponsive processes in Windows 11 in the form of a new option that will show up when right-clicking an app's taskbar icon. The new functionality is currently in development as a hidden feature of Windows 11 build 25300 in the Windows Insider developer channel.

Microsoft is sorting through two issues with Windows Server 2022 that affect VMware virtual machines and updates not getting passed on to Windows 11 devices. Both problems are related to the KB5022842 security update to Windows Server 2022 rolled out February 14 and will spread their share of headaches to users.

The U.S. Cybersecurity and Infrastructure Security Agency has added four security vulnerabilities exploited in attacks as zero-day to its list of bugs known to be abused in the wild.According to a November 2021 binding operational directive, all Federal Civilian Executive Branch Agencies agencies are required to secure their systems against security bugs added to CISA's catalog of Known Exploited Vulnerabilities.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. "The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.

The APT37 threat group uses a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection. The threat actors targeted EU-based organizations with a new version of their mobile backdoor named 'Dolphin,' deployed a custom RAT called 'Konni,' and targeted U.S. journalists with a highly-customizable malware named 'Goldbackdoor.

Microsoft says that some WSUS servers upgraded to Windows Server 2022 might fail to push Windows 11, version 22H2 updates released during this month's Patch Tuesday to endpoints across enterprise environments. This known issue only affects WSUS servers upgraded from Windows Server 2016 or Windows Server 2019.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.