Security News

Microsoft has blocked a Trend Micro driver from running on Windows 10 - and Trend has withdrawn downloads of its rootkit detector that uses the driver - after the code appeared to game Redmond's QA tests. We note that while the driver appears in other Trend Micro products, they may not necessarily be using the now-blocked driver, or may have received a suitable hot fix, and thus will continue working on Windows 10 20H1. Trend Micro has ignored our repeated requests for an explanation as to why its software altered its operation specifically while under test, though it insisted "At no time was the Trend Micro team avoiding certification requirements." A spokesperson for Trend was not available for immediate comment on the move to block the driver on Windows 10.

Microsoft has blocked a Trend Micro driver from running on Windows 10 - and Trend has withdrawn downloads of its rootkit detector that uses the driver - after the code appeared to game Redmond's QA tests. We note that while the driver appears in other Trend Micro products, they may not necessarily be using the now-blocked driver, or may have received a suitable hot fix, and thus will continue working on Windows 10 20H1. Trend Micro has ignored our repeated requests for an explanation as to why its software altered its operation specifically while under test, though it insisted "At no time was the Trend Micro team avoiding certification requirements." A spokesperson for Trend was not available for immediate comment on the move to block the driver on Windows 10.

Microsoft has blocked a Trend Micro driver from running on Windows 10 - and Trend has withdrawn downloads of its rootkit detector that uses the driver - after the code appeared to game Redmond's QA tests. We note that while the driver appears in other Trend Micro products, they may not necessarily be using the now-blocked driver, or may have received a suitable hot fix, and thus will continue working on Windows 10 20H1. Trend Micro has ignored our repeated requests for an explanation as to why its software altered its operation specifically while under test, though it insisted "At no time was the Trend Micro team avoiding certification requirements." A spokesperson for Trend was not available for immediate comment on the move to block the driver on Windows 10.

Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10. We've explained encrypted DNS before, but briefly, it encrypts DNS queries between your computer and the DNS resolver so those in between can't see which websites or other URLs you're asking for.

Windows 10 users who upgrade to v2004 will finally be able to switch on a longstanding Windows Defender feature that protects users against potentially unwanted applications. PUAs are applications that often cannot be outright classified as malware, but still violate users' security and privacy interests.

Microsoft has announced the first testable version of DNS-Over-HTTPS support, available for its Windows 10 operating system. Support for the DoH protocol, which Microsoft first announced in November, is available in the Windows 10 Insider Preview Build 19628.

Sensitive data is building up on enterprise devices. There has been a 46 percent increase in the number of items of sensitive data - such as Personally Identifiable Information and Protected Health Information - identified on enterprise endpoints, compared to pre-COVID-19.

One of the benefits of DTrace is the ability to use more than one probe, providing the tools you need to understand how events are related, and helping to track down complex bugs that traditional debugging tools can't pinpoint. Microsoft has now ported DTrace to Windows, building on the Open DTrace code and specification, adding specific Windows features with support for Event Tracing for Windows, for Windows system calls, and for Windows Process IDs.

Return-oriented programming has been a very common technique that's particularly hard to block, because instead of trying to inject their own code into running processes, attackers look for small chunks of the legitimate code that's already in memory that contain 'returns' - where the code jumps forward to a new routine or back to the main thread. "With ROP, I can't create new code; I can only jump around to different pieces of code and try to string that together into a payload," Dave Weston, director of OS security at Microsoft told TechRepublic. If the legitimate code has a memory safety bug like a buffer overflow, corrupting those pointers in memory means the system starts running the attacker's own code instead of going back to the address in the program's call stack.

In the case of the critical Windows 10 Server Message Block vulnerability left unpatched in March's otherwise bumper Windows Patch Tuesday update, the answer is two days. That's how long it took Microsoft to change its mind about releasing a fix after news of the remote code execution flaw leaked in now-deleted vendor posts and word spread to customers.