Items tagged with Windows
Yesterday was Microsoft’s routine Patch Tuesday release, which tackled quite a few vulnerabilities, 55 to be exact. Though this may seem like a lot, it is actually the smallest update from the company since 2020, but it does take care of some big problems. This includes a rather worrisome wormable HTTP protocol-stack vulnerability within Windows that thankfully has not been seen exploited in the wild. Of the 55 fixes coming with this patch, the wormable HTTP protocol-stack vulnerability, denoted by CVE-2021-31166, is the most concerning. This vulnerability has been given a rather high Common Vulnerability Scoring System (CVSS) score at 9.8 out of 10, which means it can be dangerous if used....
Read more...
Earlier today, we reported on DNS issues with the latest Patch Tuesday update (KB5001330 and 1337), and the Windows 10 pain train does not seem to be slowing down. Users are now reporting a variety of gaming-related issues such as unstable frame rates and game stutters. Earlier this week, Reddit user /u/m4dden posted to the Windows 10 subreddit that he was facing numerous issues while trying to play games. These included stuttering, unstable FPS, broken VSync, and FPS drops when sharing games in Discord calls with screen share. After he uninstalled the new patch, the issues seemed to all disappear, making Windows 10 the culprit. There are 72 comments on the post at the time of writing,...
Read more...
Last month, several issues with printers appeared when Microsoft released its regularly scheduled Windows 10 update. Another Patch Tuesday has come and gone, but not without additional concerns from from users. Some Windows 10 corporate users are reporting DNS and shared folder issues, with the current fix being to simply roll back the update. After installing the new updates, which brought security vulnerability and bug fixes to users, some people reported having DNS resolution issues that could stop access to shared folders on servers when they attempted to identify them by name. If a user used the IP address for the server instead, they would have no issues. However, that is rather inconvenient....
Read more...
With everyone using Zoom for both work and school, a vulnerability in the software can be especially concerning. This week, researchers competing in a zero-day hunting competition found a bug in Zoom that allowed them to remotely execute code without any necessary action from the target. This find netted the researchers a sum of cash and the concern of Zoom customers everywhere. Pwn2Own is a zero-day hunting contest organized by the Zero Day Initiative, which brings white hat hackers together to make software better by finding vulnerabilities. The multi-day event uncovered many issues in software, but the most interesting one that could have the most impact is with Zoom. We're still confirming...
Read more...
Windows 10 can be used for just about anything due to its versatility, from running services to simply being a basic client PC. Soon, Microsoft will add more functionality to hopefully make the operating system even better for specific usage scenarios. In the past few months, we have heard about Microsoft testing new workflows, designs, and other features to improve user experience. Internally, Microsoft has also been testing a new “Device Usage” page in the Settings App, according to Windows Latest. This new page would allow users or organizations to customize Windows 10 for "specific use cases, such as schoolwork, entertainment, gaming and more.” This feature is being...
Read more...
As classes are being held remotely and students still need to get work done, having a device versatile to handle it all is essential. Thus, Lenovo has announced a new line of Chromebooks and Windows laptops geared toward education, and they seem rather impressive. There are features for students, educators, and administrators which should up the game across-the-board. Lenovo Chromebooks When you think "Chromebook," there is typically an image that comes to mind, including rounded edges, matte colors, and pokey performance. With Lenovo's 14e, that idea of a Chromebook is torn down with a sleek finish that makes the 14e look quite professional. Besides the looks, the Lenovo 14e...
Read more...
On Friday, Microsoft released another patch to fix some outstanding issues when printing graphical images in Windows 10. It appears that quality assurance is certainly struggling this month; however, as many users are reporting the update has failed to install with error code 0x80070541. While the error code may be largely useless, there is a workaround if you must install the update. Last week, Microsoft provided a separate workaround for a printer issue that was causing blue screens of death (BSOD), among other problems. This stemmed from printer driver incompatibilities and was easily fixed by an optional patch just two days later. Afterward, some users found they could not print graphical...
Read more...
Earlier in March, Microsoft released a Patch Tuesday update, which unfortunately unleashed numerous printer-related issues that led to some cases of the Blue Screen of Death (BSOD). This was caused by driver conflicts within Windows when users went to print. The company then quickly acknowledged the problem, provided a workaround, and a subsequent patch in the following days. Now, Microsoft is releasing a new out-of-band update to squash the issue once and for all…hopefully. As Microsoft explains in its recent announcements, issues arose when users went to print graphical content. The problem, stemming from the March 9th and March 15th updates, could result in “missing or solid color...
Read more...
Last week, Microsoft pumped out Windows OS builds 19041.867 and 19042.867 in typical Patch Tuesday fashion. This was a minor security update that only had a couple of highlights, but it also had another problem lurking within. When users attempted to use specific printers in some apps, they would receive a blue screen (BSOD) with an “APC_INDEX_MISMATCH.” While there is no patch for this problem yet, Microsoft has published a workaround that we show below. According to Microsoft, the APC_INDEX_MISMATCH issue only seemed to affect “a subset of Type 3 printer drivers and does not affect printer drivers that are Type 4.” Basically, a type 3 driver makes it so print jobs are...
Read more...
As Windows updates from Microsoft roll out, older versions begin to drop off and out of support. The Windows 10 Spring 2019 Update has been kicking around for over 19 months, and it is time to go. Now, to help Windows 10 version 1903 to the grave, Microsoft has been pushing automatic updates to get those devices to the Windows 10 Spring 2020 Update. Updating devices is an important part of keeping people and computers secure, and Microsoft wants to make sure that the Windows ecosystem is healthy. Now, Windows 10 version 1903 has reached its end-of-life, and it will need to be updated. Back in June of this year, Microsoft began forcefully updating PCs from version 1903 without warning, and...
Read more...
Early in September, Microsoft announced the looming end of support for Adobe Flash Player in the Edge browser as we close out 2020 into 2021. We are now creeping toward the end of 2020, and Flash is finally beginning to get the boot. Microsoft has released an update to remove Adobe Flash from Windows and prevent future reinstalls. Adobe Flash and Flash Player were once the rulers of the roost online. Content, games, ads, and more were all driven by Flash. It became incredibly popular and subsequently was targeted by malicious people. This made Flash a dangerous point of attack for millions of devices. As we wrote last month, “Couple that with poor performance on some machines, Adobe’s...
Read more...
Microsoft Windows 10 users are finally receiving the October 2020 Update, and it brings some UI freshening and new features. The Windows 10 Start Menu is finally getting a new look with updated icons and transparent logos. Microsoft Edge is also getting some new features to streamline usage across the Windows experience. Microsoft is calling the update to the Start Menu “A refreshing Start,” and it certainly feels that way. Icons and tiles got a uniform, transparent background that “creates a beautiful stage for the redesigned app icons like Calculator, Mail, and Calendar.” This redesign works in both light and dark themes, and if you want some color, you toggle it in...
Read more...
Get ready to patch your Windows systems as a new bug has been discovered that can lead to the dreaded Blue Screen of Death. This bug, labeled the “Bad Neighbor” exploit (CVE-2020-16898), enables an attacker who crafts an IPv6 packet to completely crash a system. The team at Sophos Labs explains that in “tcpip.sys, a logic error in how the driver parses ICMP messages can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option.” The IPv6 router advertisement packet sends too much data and creates a buffer overflow, which corrupts the system memory stack. This corruption sends the whole operating system toppling....
Read more...
When someone thinks of malware, the usual thought is an EXE file containing offending code that is downloaded to a target machine and executed by the user. However, a team at SecureList is trying to make people aware that an incredibly persistent malware framework can exist within a PC's UEFI firmware. The team, consisting of Mark Lechtik, Igor Kuznetsov, and Yury Parshin, found that a malware framework in the UEFI was used “in a series of targeted attacks pointed towards diplomats and members of an NGO from Africa, Asia, and Europe, all showing ties in their activity to North Korea.” UEFI attacks are not necessarily new, but they are not often seen in the wild. As the SecureList...
Read more...
Recently, an article entitled “Last phase of the desktop wars?” poses an interesting notion and question, that is both polarizing and provocative, regarding the future of Microsoft's OS strategy. What is next for Windows? As the author of the article, open source software developer and advocate Eric S. Raymond notes, Microsoft has added features to Windows to better align it with Linux. He also suggests that the divide between Linux and Windows could eventually shrink until the two operating systems essentially become one. As he puts it, Linux would win the desktop wars, “not by displacing Windows but by co-opting it. Perhaps this is always how it had to be.”...
Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security direction, is issuing warnings about the exploit and is pushing government agencies to patch the vulnerability over the weekend. The Zerologon exploit is a way for a nefarious person to escalate privileges within a system and gain access to other systems and files. It takes advantage of the Windows Server Netlogon Remote protocol and authentication to capture session data to escalate the exploit further. Earlier in August, Microsoft released a patch to mitigate the vulnerability for...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and you can spoof a client to go from there. This client spoofing works...
Read more...
Microsoft has been working on their Chromium-based Edge web browser for quite some time. The company began rolling it out this past June, but a recent update will install this new browser on a much larger number of Windows devices. The KB4576754 update forces the installation of the new Edge browser on Windows 10 version 2004, version 1909, version 1903, and version 1809. The KB4576754 update will install the new Chromium-based Edge and remove the previous EdgeHTML-based version. Data from the old version of Edge, such as a user’s passwords, will transfer over to the new version. The same applies to start menu pins, tiles, taskbar pins, and shortcuts. The new Edge will automatically be...
Read more...
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, that Windows Defender shared its “great power” in allowing its command line utility to download potentially malicious files to a Windows PC. Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) allows for utilization of security features through command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows...
Read more...
Starting today, August 12th, Windows Insiders will be able to install Windows 10 Insider Preview Build 20190. This new build includes a quality of life upgrade, better menu experiences, and bug fixes. You can get this now by forcing an update in your Windows settings if you are on the Windows Insider Dev channel. In Build 20190, the main quality of life update is a new app, called “Tips.” This app, which will launch upon any new update going forward, will help guide the user through the new features in Windows. Brandon LeBlanc, Senior Program Manager at Microsoft, wrote, “We know that it doesn’t always feel clear what changed with a major update, or even how...
Read more...
BootHole GRUB2 Bootloader Security Exploit Discovered, Affects Billions Of Windows And Linux Devices
Bootloaders are an essential bit of software for almost every modern electronic device. Unfortunately, any vulnerabilities in the bootloader can open a device up to attackers. Eclypsium researchers recently discovered a buffer overflow vulnerability in the GRUB2 bootloader, nicknamed “BootHole”. This affects any device that uses GRUB2 with Secure Boot, including most Linux and some Windows devices. How Does BootHole Work The “GRand Unified Bootloader version 2”, or GRUB2, is a bootloader that is common on many Linux devices. It uses bison, a parsers generator, and flex, a lexical analyser, to “generate a parsing engine for a domain-specific language (DSL).”...
Read more...
Anyone who has accidentally deleted a file knows the panic that comes with the mistake. Sometimes you can find the files in the recycle bin and restore them, but other times the files are just plain gone. Anyone familiar with how Windows and other operating systems work might know that files aren't actually deleted, they're marked to allow other data to overwrite them in the future. That means with the right recovery software, there is a chance to recover "deleted" files like images or documents. To that end, Microsoft has quietly launched a new tool specifically to help with this task. The new tool is called Windows File Recovery and it's free. Windows File Recovery is a command line tool...
Read more...
