Security News
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "Multiple payloads per.LNK" file.
Microsoft has accidentally leaked that Windows 10 22H2 is on its way by including an enablement package in the latest Windows 10 KB5014666 preview update available to Insiders on the Release channel. Today, Microsoft has released the Windows 10 KB5014666 cumulative update preview to Windows Insiders on the Release channel, allowing them to test upcoming fixes before they are previewed by the larger Windows 10 user base next week.
Redmond published three cumulative updates as part of its scheduled June 2022 monthly "C" updates to allow customers to test upcoming fixes: KB5014668, KB5014665, and KB5014669. As the company revealed on Thursday in updates to known issue entries in the Windows health dashboard [1, 2, 3], the updates also address connectivity issues when using Wi-Fi hotspots after installing Windows updates released as part of the June 2022 Patch Tuesday.
Microsoft has released the optional KB5014668 cumulative update previews for Windows 11 with fixes for issues leading to game crashes and failed upgrades to the latest Windows version. This cumulative update is part of Microsoft's scheduled June 2022 monthly "C" updates that enables Windows customers to test upcoming fixes before they're released for all users on July 12th as part of the next Patch Tuesday.
LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries, such as PowerShell or the MSHTA that is used to execute Microsoft HTML Application files. Researchers at Cyble have spotted a new tool for creating malicious LNKs called Quantum, which features a graphical interface and offers convenient file building through a rich set of options and parameters.
The National Security Agency and cybersecurity partner agencies issued an advisory today recommending system administrators to use PowerShell to prevent and detect malicious activity on Windows machines. "Blocking PowerShell hinders defensive capabilities that current versions of PowerShell can provide, and prevents components of the Windows operating system from running properly. Recent versions of PowerShell with improved capabilities and options can assist defenders in countering abuse of PowerShell".
Microsoft says support for Windows Subsystem for Linux distros can now be added to any machine running Windows Server 2022 by installing this month's Patch Tuesday updates. "You can now use Windows Subsystem for Linux 2 type distros on Windows Server 2022," Loewen said.
Microsoft says support for Windows Subsystem for Linux distros can now be added to any machine running Windows Server 2022 by installing this month's Patch Tuesday updates. "You can now use Windows Subsystem for Linux 2 type distros on Windows Server 2022," Loewen said.
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files. When you attempt to open a downloaded file, Windows will check if a MoTW exists and, if so, display additional warnings to the user, asking if they are sure they wish to run the file.
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System: Namespace Management Protocol to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay ? Don't worry MS-DFSNM have your back," security researcher Filip Dragovic said in a tweet.