Security News

Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Criminals and snoops can abuse the remote code execution bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware.

Microsoft has released the Windows 11 KB5014697 cumulative update with security updates, improvements, and the new Spotlight for Desktop feature that automatically changes your desktop background. Windows 11 users can install today's update by going to Start > Settings > Windows Update and clicking on 'Check for Updates.

Microsoft has released Windows 10 KB5014699 and KB5014692 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve bugs. Like every Patch Tuesday, this Windows 10 cumulative update is mandatory and can be installed by going to Settings, clicking on Windows Update, and selecting 'Check for Updates.

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. "Microsoft recommends installing the updates as soon as possible," the company further urged customers in a post on the Microsoft Security Response Center.

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up.

Microsoft is finally rolling out the new File Explorer tabbed interface with the release of Windows 11 Insider Preview Build 25136 to the Dev Channel. "To help you work across multiple locations at the same time, the title bar of File Explorer now has tabs. We'd love your feedback on which tabs features you'd like to see next," the Windows Insider team said.

Microsoft has announced that the Windows 11 Notepad and Media Player applications are getting new updates for Windows Insiders. Microsoft started rolling out the new and completely redesigned Notepad for Windows 11 to all Windows Insiders in the Dev Channel in December.

Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.There's a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach. Threat Insight, part of cybersecurity vendor Proofpoint, noted on Twitter this week that miscreants have been seen exploiting the Follina flaw, tracked as CVE-2022-30190, in the Windows Support Diagnostic Tool to deliver Qbot, also known as QakBot, QuakBot and Pinkslipbot, onto victims' computers.

An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool, even as the Follina flaw continues to be exploited in the wild. The issue - referenced as DogWalk - relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a potential target opens a specially crafted ".