Security News

Microsoft has released this month's optional KB5020030 Preview cumulative update for all editions of Windows 10 20H2, 21H1, 21H2, and 22H2. Today's update comes with ten bug fixes and enhancements, including fixes for persistent Microsoft Store update failures and an issue causing Direct3D 9 to crash when using Microsoft Remote Desktop. The KB5020030 cumulative update preview is part of Microsoft's November 2022 monthly "C" update, and it enables admins to test fixes rolling out to all users with the December 2022 Patch Tuesday.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Microsoft is working on a fix for a new known issue behind lower-than-expected performance or stuttering in some games on systems running Windows 11 22H2. According to Redmond, this performance hit is likely caused by some apps and games inadvertently enabling GPU performance debugging features. "Some games and apps might experience lower than expected performance or stuttering on Windows 11, version 22H2," the company says on the Windows Health dashboard.

Windows 11 will soon let you filter processes in the Task Manager by their name, process ID, or publisher, making it easier to find a running program. As new versions of Windows are released, the Task Manager has increasingly begun to fill up with a long list of running processes.

Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. According to Bill Demirkapi, an engineer in Microsoft MSRC's Vulnerability and Mitigations team, a bug was fixed that prevented the MoTW flag from propagating to files inside an ISO disk image.

A malware loader deemed in June to be a "Work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs. IceXLoader version 3 was discovered in the summer by Fortinet's FortiGuard Labs, which wrote that the malware's features were incomplete and it appeared to have been ported to the Nim programming language. IceXLoader was originally sold on the dark web for $118 per lifetime license by a group of developers that also sells other commodity malware and claims to have more than 200 clients, FortiGuard wrote.

The Russia-linked APT29 nation-state actor has been found leveraging a "Lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days.Also separately addressed at the start of the month is an actively exploited flaw in Chromium-based browsers that was plugged by Google as part of an out-of-band update late last month.

Microsoft has reminded customers today that all editions of Windows 10 21H1 are reaching the end of service next month. Windows customers should upgrade to the latest release as soon as possible to avoid exposing their devices to attacks exploiting unpatched security vulnerabilities since Windows 10 21H1 will no longer receive security updates.