Security News

The idea of a BitB attack is to create what looks like a popup browser window that was generated securely by the browser itself, but that is actually nothing more than a web page that was rendered in an existing browser window. You'd have to admit that the resulting visual content looks exactly like a standalone browser window, even though it's actually a web page inside another browser window.

Microsoft released a new Windows Terminal version today that adds a long-awaited feature, making it possible to create and use custom themes. For now, users can only create themes by editing the Windows Terminal global JSON settings file to alter the background color of tabs and tab rows and choose between light and dark terminal window themes.

September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day exploited by attackers. CVE-2022-37969 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, and an attacker must already have access and the ability to run code on the target system before trying to trigger it.

Microsoft has released the Windows 11 KB5017328 cumulative update with security updates and improvements, including USB printing and Bluetooth headsets fixes. KB5017328 is a mandatory cumulative update containing the September 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Microsoft has released the Windows 10 KB5017308 and KB5017315 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolves twenty bugs and performance issues. This update is not available for Windows 10 1909 or Windows 10 2004.

Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this month. Unlike the original Windows 11 release, it won't be a massive update with radical design changes.

"This issue only affects devices after adding a Microsoft account. It does not affect Active Directory domain users accounts or Azure Active Directory accounts." Microsoft says it addressed this issue via Known Issue Rollback, a Windows capability designed to revert buggy Windows non-security fixes pushed through Windows Update.

Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems. This aligns with Microsoft's findings that DEV-0270 uses BitLocker, a data protection feature that provides full volume encryption on devices running Windows 10, Windows 11, or Windows Server 2016 and above.

Microsoft says the latest Windows 11 preview build has improved the Accounts Settings page to provide Xbox subscription management capabilities. The new 'Your Microsoft account' settings page within Windows 11's Settings was rolled out by the Windows Insider team starting in October 2021.

Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.