Items tagged with Windows

Early in September, Microsoft announced the looming end of support for Adobe Flash Player in the Edge browser as we close out 2020 into 2021. We are now creeping toward the end of 2020, and Flash is finally beginning to get the boot. Microsoft has released an update to remove Adobe Flash from Windows and prevent future reinstalls. Adobe Flash and Flash Player were once the rulers of the roost online. Content, games, ads, and more were all driven by Flash. It became incredibly popular and subsequently was targeted by malicious people. This made Flash a dangerous point of attack for millions of devices. As we wrote last month, “Couple that with poor performance on some machines, Adobe’s... Read more...
Microsoft Windows 10 users are finally receiving the October 2020 Update, and it brings some UI freshening and new features. The Windows 10 Start Menu is finally getting a new look with updated icons and transparent logos. Microsoft Edge is also getting some new features to streamline usage across the Windows experience. Microsoft is calling the update to the Start Menu “A refreshing Start,” and it certainly feels that way. Icons and tiles got a uniform, transparent background that “creates a beautiful stage for the redesigned app icons like Calculator, Mail, and Calendar.” This redesign works in both light and dark themes, and if you want some color, you toggle it in... Read more...
Get ready to patch your Windows systems as a new bug has been discovered that can lead to the dreaded Blue Screen of Death. This bug, labeled the “Bad Neighbor” exploit (CVE-2020-16898), enables an attacker who crafts an IPv6 packet to completely crash a system. The team at Sophos Labs explains that in “tcpip.sys, a logic error in how the driver parses ICMP messages can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option.” The IPv6 router advertisement packet sends too much data and creates a buffer overflow, which corrupts the system memory stack. This corruption sends the whole operating system toppling.... Read more...
When someone thinks of malware, the usual thought is an EXE file containing offending code that is downloaded to a target machine and executed by the user. However, a team at SecureList is trying to make people aware that an incredibly persistent malware framework can exist within a PC's UEFI firmware. The team, consisting of Mark Lechtik, Igor Kuznetsov, and Yury Parshin, found that a malware framework in the UEFI was used “in a series of targeted attacks pointed towards diplomats and members of an NGO from Africa, Asia, and Europe, all showing ties in their activity to North Korea.” UEFI attacks are not necessarily new, but they are not often seen in the wild. As the SecureList... Read more...
An article entitled “Last phase of the desktop wars?” recently posed a question, both polarizing and provocative, about the future of Microsoft's OS strategy. What is next for Windows? As the author of the article, open source software developer and advocate Eric S. Raymond, notes, Microsoft has added features to Windows to better align it with Linux. He also suggests that the divide between Linux and Windows could eventually shrink until the two operating systems essentially become one. As he puts it, Linux would win the desktop wars, “not by displacing Windows but by co-opting it. Perhaps this is always how it had to be.”... Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the direction of the Department of Homeland Security, is issuing warnings about the exploit and is pushing government agencies to patch the vulnerability over the weekend. The Zerologon exploit is a way for a nefarious person to escalate privileges within a system and gain access to other systems and files. It takes advantage of the Windows Server Netlogon Remote Protocol and authentication to capture session data to escalate the exploit further. Earlier in August, Microsoft released a patch to mitigate the vulnerability for... Read more...
Secura, a firm of digital security advisors and researchers, has discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and spoof a client to go from there. This client spoofing works... Read more...
Microsoft has been working on their Chromium-based Edge web browser for quite some time. The company began rolling it out this past June, but a recent update will install this new browser on a much larger number of Windows devices. The KB4576754 update forces the installation of the new Edge browser on Windows 10 version 2004, version 1909, version 1903, and version 1809. The KB4576754 update will install the new Chromium-based Edge and remove the previous EdgeHTML-based version. Data from the old version of Edge, such as a user’s passwords, will transfer over to the new version. The same applies to start menu pins, tiles, taskbar pins, and shortcuts. The new Edge will automatically be... Read more...
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, Windows Defender shared its “great power” by allowing its command line utility to download potentially malicious files to a Windows PC. Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) utility allows security features to be used from the command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows... Read more...
Starting today, August 12th, Windows Insiders will be able to install Windows 10 Insider Preview Build 20190. This new build includes a quality of life upgrade, better menu experiences, and bug fixes. You can get this now by forcing an update in your Windows settings if you are on the Windows Insider Dev channel. In Build 20190, the main quality of life update is a new app, called “Tips.” This app, which will launch upon any new update going forward, will help guide the user through the new features in Windows. Brandon LeBlanc, Senior Program Manager at Microsoft, wrote, “We know that it doesn’t always feel clear what changed with a major update, or even how... Read more...
Bootloaders are an essential bit of software for almost every modern electronic device. Unfortunately, any vulnerabilities in the bootloader can open a device up to attackers. Eclypsium researchers recently discovered a buffer overflow vulnerability in the GRUB2 bootloader, nicknamed “BootHole”. This affects any device that uses GRUB2 with Secure Boot, including most Linux and some Windows devices. How Does BootHole Work? The “GRand Unified Bootloader version 2”, or GRUB2, is a bootloader that is common on many Linux devices. It uses bison, a parser generator, and flex, a lexical analyser, to “generate a parsing engine for a domain-specific language (DSL).”... Read more...
Anyone who has accidentally deleted a file knows the panic that comes with the mistake. Sometimes you can find the files in the recycle bin and restore them, but other times the files are just plain gone. Anyone familiar with how Windows and other operating systems work might know that files aren't actually deleted, they're marked to allow other data to overwrite them in the future. That means with the right recovery software, there is a chance to recover "deleted" files like images or documents. To that end, Microsoft has quietly launched a new tool specifically to help with this task. The new tool is called Windows File Recovery and it's free. Windows File Recovery is a command line tool... Read more...
There's a company selling a Mac clone, or "Hackintosh" as they are sometimes called, that is operating under the name OpenCore Computer. The company has no affiliation with the OpenCore Bootloader, however, if you've ever worked with that piece of software. The dual-boot rig OpenCore Computer is building is called the Velociraptor. The Velociraptor computer essentially is in violation of Apple's end-user licensing agreement for macOS, however, because it's running macOS on non-Apple hardware. There is no issue with the machine running Windows of course, because Redmond just wants to spread that love anywhere it can. The computer maker claims on its website to make Mac Pro-style workstations... Read more...
The cybersecurity advisory unit of the U.S. Department of Homeland Security has issued a warning to Windows computer users about code for a "wormable" bug that was published online last week. The exploit is known as SMBGhost and takes advantage of an issue in Windows' Server Message Block, or SMB. SMB is a component of Windows that allows it to talk with other devices, such as printers or servers. The warning from Homeland Security isn't only that the SMBGhost code has been published online, but that the code is designed to take advantage of a security vulnerability that Microsoft patched in March. The warning tells Windows users to update their computers to protect themselves from the exploit.... Read more...
Zoom, maker of the popular video conferencing software that goes by the same name, suddenly finds itself in the limelight, though not just because the Coronavirus outbreak has more people than ever working from home. Following a controversy over its data collection policy (which Zoom has apologized for), security researchers are warning of a potentially serious flaw in the Windows version of the software. Through the Zoom client, users are able to send and receive text messages through an integrated chat interface. If a user tries to send a URL, it gets converted into a clickable hyperlink so that other users in the chat can quickly navigate to whatever page the sender is serving up. It is a pretty... Read more...
Not long ago, Microsoft issued the KB4524244 cumulative update meant to address a security vulnerability in a third-party UEFI boot manager. As many Windows updates have done in recent months, this one caused additional problems, including leaving some users unable to reset the computer or reboot. Kaspersky has now stepped up and said that the KB4524244 update was to address a vulnerability that was found in its Kaspersky Rescue Disk program that was publicly disclosed in April 2019 and fixed in August 2019. Kaspersky is specific in that it was not involved in the update, and Microsoft didn't reach out to it concerning the update issue. Kaspersky Rescue Disk is a free tool that allowed users... Read more...
“Dark mode” or “night mode” has long been popular with tech users. It is also now increasingly being adopted by major apps and operating systems. However, is dark mode simply an aesthetic preference or can it provide benefits to users? Companies and services like Google, Apple, and Facebook offer or plan to offer dark mode to help reduce eyestrain, increase battery life, and decrease display flickering. Many apps and operating systems tend to prefer light user interfaces (UI). This brighter interface or “dark-on-light color scheme” was originally introduced in word processors to mimic the look of dark ink on light paper. A light UI is generally considered... Read more...
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a Secure Boot vulnerability. “CVE-2020-0689” or the “Microsoft Secure Boot Security Feature Bypass Vulnerability” allows attackers to bypass Secure Boot. Secure Boot is intended to guarantee that a device is only making use of software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully,... Read more...
Field of Dreams taught us, "If you build it, he will come," referring to a deceased baseball legend wandering out of a corn field in Iowa. When it comes to PC security, though, if you discover it ("it" being a vulnerability), the proof of concepts will come, and that is precisely what has happened with a "CurveBall" flaw the National Security Agency (NSA) recently discovered. I wrote about this earlier in the week, noting a report that Microsoft's Patch Tuesday update would plug up a cryptography security hole discovered by the NSA. Part of the reason it was notable (and still is) is because this is the first time the NSA has reported a major bug in Windows to Microsoft (you know, as opposed... Read more...
If you are in the habit of putting off those monthly security patches Microsoft doles out on the second Tuesday of every month (known as Patch Tuesday), you may want to reconsider your approach today. A security researcher says one of the patches in today's cumulative roundup will address a serious vulnerability in a core cryptographic component affecting most versions of Windows. "According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles 'certificate and cryptographic messaging functions in the CryptoAPI'. The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications... Read more...
Do you need an ugly sweater for an upcoming holiday party? If you are a Microsoft superfan or work in the tech industry, the perfect sweater may soon be arriving at your door. Microsoft just released a Windows XP-themed holiday sweater. The new sweater is light blue and features the Windows XP logo and is accompanied by some tongue-in-cheek packaging. The box reads, “Windows XP Pro-ho-ho-fessional” instead of “Windows XP Professional”. The little square in the right hand corner of the box says “For those people without Windows XP Soft-wear…” instead of “For PCs without Windows…” The box also includes a list of features such as “easy... Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,... Read more...