Security News

It's Microsoft's February 2023 Patch Tuesday, and the new Windows 10 KB5022834 and KB5022840 cumulative updates are now available for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems in the operating system. These updates are mandatory as they contain security updates fixed as part of Microsoft's Patch Tuesday.

Microsoft says Windows 10, version 20H2 for enterprise and education users will reach the end of service in three months, on May 9, 2023. After the EOS date is reached, Windows 10 20H2 devices running Enterprise and Education editions will no longer receive monthly quality or security updates containing bug fixes and patches to protect them from recently discovered security threats.

Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite. They are displayed during the Windows Out of Box Experience before loading the Windows desktop.

Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. It appears Microsoft pulled the switch a day early, as going to both the Windows 10 Home and Windows 10 Pro product pages now redirects users to the Windows 11 product page.

Microsoft has released the optional KB5019275 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2, with fourteen fixes and improvements. The KB5019275 cumulative update preview is part of Microsoft's January 2023 monthly "C" update, allowing admins to test upcoming fixes released in the February 2023 Patch Tuesday.

Microsoft has published the Windows 10 KB5022282 and KB5022286 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix security vulnerabilities and resolve known bugs. This update is not available for Windows 10 1909 or Windows 10 2004.

Some users running Windows 10 who installed the KB5021233 cumulative update this month are seeing their operating system crash with the Blue Screen of Death, Microsoft is warning. In an entry over the weekend in its Windows Health Dashboard, the company wrote that the update might cause "a mismatch between the file versions of hidparse.sys in c:/windows/system32 and c:/windows/system32/drivers, which might cause signature validation to fail when cleanup occurs."

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.

Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers. While analyzing several infected devices on Ukrainian Government networks, Mandiant also spotted scheduled tasks set up in mid-July 2022 and designed to receive commands that would get executed via PowerShell.

Multiple editions of Windows 10 21H1 have reached their end of service on this month's Patch Tuesday, as Microsoft reminded customers yesterday. Since Windows 10 21H1 will no longer receive security updates, customers are advised to upgrade to the latest release as soon as possible to avoid exposing their systems to attacks exploiting unpatched security vulnerabilities.