Security News

A cybersecurity firm has issued another unofficial patch to squash a bug in Windows that Microsoft has yet to fix, with this hole being actively exploited to spread ransomware. Specifically, an attacker could prevent Windows from putting the MotW flag on files extracted from a ZIP archive obtained from an untrusted source.

Mozilla has fixed a known issue causing the Firefox web browser to freeze when copying text on Windows 11 devices where the Suggested Actions clipboard feature is enabled. The issue impacts Firefox users running Microsoft's latest OS release, Windows 11, version 22H2, where this new feature is enabled by default.

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware.

A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11. What made these Magniber JavaScript files stand out was that even though they contained a Mark-of-a-Web, Windows did not display any security warnings when they were launched.

Raspberry Robin, a worm that spreads through Windows systems via USB drives, has rapidly evolved: now backdoor access is being sold or offered to infected machines so that ransomware, among other code, can be installed by cybercriminals. In a report on Thursday, Microsoft's Security Threat Intelligence unit said Raspberry Robin is now "Part of a complex and interconnected malware ecosystem" with links to other families of malicious code and ties to ransomware infections.

Microsoft says Windows domain join processes may fail with "0xaac" errors after applying this month's security updates. The issue stems from hardening changes introduced when addressing the CVE-2022-38042 elevation of privilege vulnerability in the Active Directory Domain Services that would allow attackers to gain domain administrator privileges.

Microsoft is investigating a known issue causing OneDrive and OneDrive for Business crashes on Windows 10 systems where customers have installed updates released earlier this month. "After installing KB5018410 or later updates, OneDrive might unexpectedly close," the company explained in a Windows health dashboard update.

Microsoft has released the optional KB5018482 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. [...]

Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers. One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges.

Microsoft appears to have woken up and realized it may have left certain Windows Server and Windows 10 systems exposed to exploitable drivers for years. This month it emerged the list of vulnerable drivers HVCI was supposed to be blocking was wildly out of date on machines running certain pre-Windows 11 operating systems, such as some Windows 10 and Windows Server builds.