The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Download Windows Update

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
March 11, 2020Ravie Lakshmanan
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio — that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. However, unlike last month , none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release. It's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents. Titled "LNK Remote Code Execution Vulnerability" ( CVE-2020

Update Microsoft Windows Systems to Patch 99 New Security Flaws

Update Microsoft Windows Systems to Patch 99 New Security Flaws
February 11, 2020Mohit Kumar
A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the remaining 87 have been listed as important. Five of the bugs are listed as publicly known at the time of release, four of which are important in severity and one critical ( CVE-2020-0674 ) that is also listed as under active attack. Microsoft warned about this zero-day vulnerability in Internet Explorer (IE) browser last month when it released an advisory without releasing a patch for millions of its affected users. As explained previously, this flaw could allow a remote attacker to execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulner

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
January 14, 2020Mohit Kumar
After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States. What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the  Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017. CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability According to an advisory released by Microsoft, the flaw, dubbed ' NSACrypt ' and tracked as CVE-20

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
December 10, 2019Swati Khandelwal
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 moderate, and one is low in severity—brief information on which you can find later in this article. Tracked as CVE-2019-1458 and rated as Important, the newly patched zero-day Win32k privilege escalation vulnerability, reported by Kaspersky, was used in Operation WizardOpium attacks to gain higher privileges on targeted systems by escaping the Chrome sandbox. Although Google addressed the flaw in Chrome 78.0.3904.87 with the release of an emergency update last month after Kaspersky disclosed it to the tech giant, hackers are still targeting users who are using vulnerable versions of th

Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues

Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues
May 14, 2019Mohit Kumar
It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction. Out of 79 vulnerabilities, 18 issues have been rated as critical and rest Important in severity. Two of the vulnerabilities addressed this month by the tech giant are listed as publicly known, of which one is listed as under active attack at the time of release. May 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, Microsoft Office, and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager. Critical Wormable RDP Vulnerability The wormable vulnerability ( CVE-2019-0708 ) resides in Remote Desktop

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates
March 15, 2019Swati Khandelwal
Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution  vulnerability in WinRAR , a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn't have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that was patched late last month by the WinRAR team with the release of WinRAR version 5.70 beta 1 impacts all prior versions of WinRAR released over the past 19 years. For those unaware, the vulnerability is "Absolute Path Traversal" bug that resides in the old third-party library UNACEV2.DLL of WinRAR and allows attackers to extract a compressed executable file from the ACE archive to one of the Windows Startup folders, where the malicious file would automatically run on the next reboot. Therefore, to successfully exploit this vulnerability and tak

Windows 10 Now Automatically Uninstalls Updates That Cause Problems

Windows 10 Now Automatically Uninstalls Updates That Cause Problems
March 12, 2019Swati Khandelwal
Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to incompatibility or issues in new software. A new document published by Microsoft on Monday, a day before this month's Patch Tuesday, says just like Windows "automatically installs updates to keep your device secure and running at peak efficiency," the OS will now run another automatic process to uninstall problematic updates. From now on, if you receive the following notification on your device, that means your Windows 10 computer has recently been recovered from a startup failure,first sighted by Windows Latest blog . "We removed some recently installed updates

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws
February 12, 2019Mohit Kumar
Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps, ChakraCore, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Dynamics, Team Foundation Server, and Visual Studio Code. Four of the security vulnerabilities patched by the tech giant this month have been reported as being publicly known at the time of release, and one is being actively exploited in the wild. The vulnerability actively being exploited in the wild is rated as important and resides in the way Internet Explorer handles objects in the memory. An attacker can trick victims into landing on a specially crafted website and exploit this vulnerability, identified as CVE-201
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.