Items tagged with Windows
Not long ago, Microsoft issued the KB4524244 cumulative update meant to address a security vulnerability in a third-party UEFI boot manager. As many Windows updates have done in recent months, this one caused additional problems, including leaving some users unable to reset the computer or reboot. Kaspersky has now stepped up and said that the KB4524244 update was to address a vulnerability that was found in its Kaspersky Rescue Disk program that was publicly disclosed in April 2019 and fixed in August 2019. Kaspersky is specific in that it was not involved in the update, and Microsoft didn't reach out to it concerning the update issue. Kaspersky Rescue Disk is a free tool that allowed users...
Read more...
“Dark mode” or “night mode” has long been popular with tech users. It is also now increasingly being adopted by major apps and operating systems. However, is dark mode simply an aesthetic preference or can it provide benefits to users? Companies and services like Google, Apple, and Facebook offer or plan to offer dark mode to help reduce eyestrain, increase battery life, and decrease display flickering. Many apps and operating systems tend to prefer light user interfaces (UI). This brighter interface or “dark-on-light color scheme” was originally introduced in word processors to mimic the look of dark ink on light paper. A light UI is generally considered...
Read more...
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a secure boot vulnerability. “CVE-2020-0689” or the “Microsoft Secure Boot Security Feature Bypass Vulnerability” allows attackers to bypass secure boots. A secure boot is intended to guarantee that a device is only making use of software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully,...
Read more...
Field of Dreams taught us, "If you build it, he will come," referring to a deceased baseball legend wandering out of a corn field in Iowa. When it comes to PC security, though, if you discover it ("it" being a vulnerability), the proof of concepts will come, and that is precisely what has happened with a "CurveBall" flaw the National Security Agency (NSA) recently discovered. I wrote about this earlier in the week, noting a report that Microsoft's Patch Tuesday update would plug up a cryptography security hole discovered by the NSA. Part of the reason it was notable (and still is) is because this is the first time the NSA has reported a major bug in Windows to Microsoft (you know, as opposed...
Read more...
If you are in the habit of putting off those monthly security patches Microsoft doles out on the second Tuesday of every month (known as Patch Tuesday), you may want to reconsider your approach today. A security researcher says one of the patches in today's cumulative roundup will address a serious vulnerability in a core cryptographic component affecting most versions of Windows. "According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles 'certificate and cryptographic messaging functions in the CryptoAPI'. The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications...
Read more...
Do you need an ugly sweater for an upcoming holiday party? If you are a Microsoft superfan or work in the tech industry, the perfect sweater may soon be arriving at your door. Microsoft just released a Windows XP-themed holiday sweater. The new sweater is light blue and features the Windows XP logo and is accompanied by some tongue-in-cheek packaging. The box reads, “Windows XP Pro-ho-ho-fessional” instead of “Windows XP Professional”. The little square in the right hand corner of the box says “For those people without Windows XP Soft-wear…” instead of “For PCs without Windows…” The box also includes a list of features such as “easy...
Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,...
Read more...
Malware is getting sneakier, as Kaspersky researchers just discovered “Titanium”, a trojan backdoor malware. This malware is very difficult to detect and includes various stages. Titanium is currently being used by the Advanced Persistent Threat (APT) actor “Platinum”. Platinum is considered one of the most “technologically advanced” APT actors in the Asia-Pacific region. Their current malware targets Malaysia, Indonesia, and Vietnam. It is unclear exactly how many devices have been affected. Titanium reportedly includes several steps and capabilities. It first releases an exploit that is able to execute code as a SYSTEM user. It then installs a shellcode that essentially downloads the necessary...
Read more...
Microsoft tends to stick to its traditional patch schedule (Patch Tuesday), and only rolls out an out-of-band update when there are serious issues for some Windows users or big security problems that need to be addressed. Microsoft's latest out-of-band cumulative update has been released for several versions of Windows 10, including the May 2019 Update (version 1903). This particular update is a required security update that "expands the out-of-band update dated September 23rd, 2019." The update also brings with it mitigation for the Internet Explorer scripting engine security vulnerability (CVE-2019-1367). Microsoft notes that the security update includes quality improvements and calls out key...
Read more...
Microsoft has launched a new Windows 10 Insider Preview Build 18970 (20H1) to Windows Insiders in the Fast Ring. This build brings a new tablet experience for 2-in-1 convertible PCs as a Beta to Windows insiders. The new experience is meant to allow tablet mode users to stay in their familiar desktop experience with no interruption, and brings some new features. The new features include increased spacing between taskbar icons, the search box on the taskbar is collapsed into an icon, the file explorer switches to a touch-optimized layout, and the touch keyboard auto invokes when a text field is pressed. Microsoft also made some changes to the tablet section in Settings. Microsoft says...
Read more...
Microsoft is warning Windows users of several new "wormable" exploits similar in style to BlueKeep, two of which are tagged as critical Remote Code Execution (RCE) vulnerabilities. As with BlueKeep, which Microsoft patched a few months ago, the exploits exist within the Remote Desktop Services protocol (formerly known as Terminal Services). These types of exploits are especially worrisome because of their ability to spread through a computer network, once a single machine is infected. "It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft...
Read more...
Researchers recently uncovered Windows kernel security flaws that affect over 40 drivers from 20 different vendors. The vulnerabilities could give attackers access to a device's hardware and firmware. Researchers from Eclypsium shared their troubling findings this past week at the DEF CON 27 security conference in Las Vegas, Nevada. Why are there so many vulnerable drivers? According to Mickey Shkatov, Principal Researcher at Eclypsium, bad coding practices are to blame. Many drivers are meant to be flexible and able to perform a wide variety of actions instead of performing specific tasks. Shkatov noted, “It's easier to develop software by structuring drivers and applications this way,...
Read more...
Early last week, Microsoft started to talk up the "all-new" Windows 1.0 with MS-DOS Executive, clock, and more. We all wondered at the time what exactly the deal was. Rumors suggested that Windows 1.0 was going to be a tie in with Netflix's third season of Stranger Things which landed on July 4. The Stranger Things Season 3 mashup has now been confirmed with the official launch of the Windows 1.11 app. The description for the app reads, "Experience 1985 nostalgia with a special edition Windows 10 PC app inspired by Windows 1.0—but one that's been taken over by the Upside Down from Stranger Things. Explore the mysteries and secrets plaguing Hawkins, unlock unique show content and easter...
Read more...
Microsoft's social media accounts having been acting a bit "strange" this morning. On both its official Twitter and Instagram accounts, Microsoft posted a video announcing the "All-New Windows 1.0, with MS-DOS Executive, Clock and more." The video itself starts off showing the current Windows 10 logo, then travels backwards displaying older Windows logos including Windows 7 and Windows 95 before settling on the logo for Windows 1.0. During this time, some synth-heavy music plays in the background with graphics that looks like something straight out of the 1980s. Introducing the all-new Windows 1.0, with MS-Dos Executive, Clock, and more!! 😲 💾 pic.twitter.com/guU4QxwsGG — Windows (@Windows)...
Read more...
