Google ‘Irresponsibly’ Discloses Windows Zero-Day

Google discovered a “threat actor” exploiting a pair of bugs—one in Chrome and one in Windows.
The post Google ‘Irresponsibly’ Discloses Windows Zero-Day appeared first on Security Boulevard.

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.

Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials

Researchers warn of emails pretending to help business employees upgrade to Windows 10 – and then stealing their Outlook emails and passwords.

Mac, Linux Users Now Targeted by FinSpy Variants

FinSpy has returned in new campaigns targeting dissident organizations in Egypt – and researchers uncovered new samples of the spyware targeting macOS and Linux users.

Microsoft brings new robotic process automation features to its Power Platform

Earlier this year, Microsoft acquired Softomotive, a player in the low-code robotic process automation space with a focus on Windows. Today, at its Ignite conference, the company is launching Power Automate Desktop, a new application based on Softomotive’s technology that lets anyone automate desktop workflows without needing to program. “The big idea of Power Platform […]

CISA orders agencies to quickly patch critical Netlogon bug

For several days, security experts have urged organizations to fix a critical vulnerability in a Microsoft protocol that hackers could use to steal sensitive data. Now, U.S. government agencies don’t have a choice but to act. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on late Friday evening ordered federal civilian agencies to apply a patch for the vulnerability by the end of the day Monday. The “emergency directive” — only the fourth ever issued by the agency — reflects the “unacceptable risk” the vulnerability poses to federal agencies because the affected software is used throughout the government, officials said. The bug is the latest in a bevy of critical flaws to emerge in popular software this year. In response, CISA has increasingly used its emergency-directive authority to try to keep foreign spies or criminals from burrowing into federal networks. In July, CISA gave agencies 24 hours to address another […]

The post CISA orders agencies to quickly patch critical Netlogon bug appeared first on CyberScoop.


Operation PowerFall: CVE-2020-0986 and variants

While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let’s take a look at vulnerability CVE-2020-0986.

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits.

Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler

Every Microsoft Windows operating system has a file that manages commands to print documents. It is ubiquitous to the point of going unnoticed. But when researchers from security firm SafeBreach took a closer look at the file, which is called a Print Spooler Service, they noticed that some of the code is two decades old. A denial of service vulnerability the researchers reported earlier this year, which crashes the spooler service, worked not only on Windows 10, the latest operating system, but also on Windows 2000. It’s a glaring example of the old code that is bequeathed to popular software programs we take for granted. But the researchers weren’t done dissecting the spooler service. “We got intrigued, so we continued to dive in,” said Peleg Hadar, senior security researcher at SafeBreach Labs. They found another bug in the spooler service that could allow an attacker to gain system privileges on […]

The post Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler appeared first on CyberScoop.
