#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Microsoft Windows | Breaking Cybersecurity News | The Hacker News

Category — Microsoft Windows
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Aug 14, 2024 Windows Security / Vulnerability
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws , including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, nine are rated Critical, 80 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday updates are notable for addressing six actively exploited zero-days - CVE-2024-38189 (CVSS score: 8.8) - Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 (CVSS score: 7.5) - Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38193 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2024-38106 (CVSS score: 7.0) - Windows Kernel Elevation of Privilege Vulnerability CVE-2024-38107 (CVSS score: 7.8) - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability CVE-2024-38213 (CVS...
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Jan 16, 2024 Cryptocurrency / Windows Security
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called  Phemedrone Stealer . "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun  said . "It also takes screenshots and gathers system information regarding hardware, location, and operating system details. The stolen data is then sent to the attackers via Telegram or their command-and-control (C&C) server." The attacks leverage  CVE-2023-36025  (CVSS score: 8.8), a security bypass vulnerability in Windows SmartScreen, that could be exploited by tricking a user into clicking on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file. The actively-exploited shortcoming was  addressed  by Microsoft as part of its November...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Dec 18, 2023 Email Security / Vulnerability
Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security researcher Ben Barnea, who discovered the vulnerabilities, said in a  two-part   report  shared with The Hacker News. The security issues, which were addressed by Microsoft in  August  and  October 2023 , respectively, are listed below - CVE-2023-35384  (CVSS score: 5.4) - Windows HTML Platforms Security Feature Bypass Vulnerability CVE-2023-36710  (CVSS score: 7.8) - Windows Media Foundation Core Remote Code Execution Vulnerability CVE-2023-35384 has been described by Akamai as a bypass for a critical security flaw that Microsoft patched in March 2023. T...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Oct 25, 2022
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed  LogCrusher  and  OverLog  by Varonis, take aim at the EventLog Remoting Protocol ( MS-EVEN ), which enables remote access to event logs. While the former allows "any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "filling the hard drive space of any Windows machine on the domain," Dolev Taler  said  in a report shared with The Hacker News. OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its  October Patch Tuesday  updates. LogCrusher, however, remains unresolved. "The performance can be interrupted and/or reduced, but the attacker cannot fully deny service," the tech giant said in an advisory for the flaw released earli...
Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

Apr 13, 2022
The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks exploiting the then zero-day flaws in  Microsoft Exchange Servers  in March 2021. Microsoft Threat Intelligence Center (MSTIC), which dubbed the defense evasion malware " Tarrask ," characterized it as a tool that creates "hidden" scheduled tasks on the system. "Scheduled task abuse is a very common method of persistence and defense evasion — and an enticing one, at that," the researchers  said . Hafnium, while most notable for Exchange Server attacks, has since leveraged unpatched zero-day vulnerabilities as initial vectors to drop web shells and other mal...
Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

Sep 24, 2021
Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products," Google Threat Analysis Group's Neel Mehta  said  in a write-up published on Thursday. The new mechanism was observed to be exploited by a notorious family of unwanted software known as  OpenSUpdater  that's used to download and install other suspicious programs on compromised systems. Most targets of the campaign are users located in the U.S. who are prone to downloading cracked versions of games and other grey-area software. The findings come from a set of OpenSUpdater  samples   uploaded  to VirusTotal at least since mid-August. While adversaries in the past ...
A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

Sep 23, 2021
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium  said  in a report published on Monday. "These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like  Secured-core  because of the ubiquitous usage of  ACPI  [Advanced Configuration and Power Interface] and WPBT." WPBT, introduced with Windows 8 in 2012, is a  feature  that enables "boot firmware to provide Windows with a platform binary that the operating system can execute."  In other wor...
FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

Sep 03, 2021
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken place between late June to late July 2021, have been attributed with "moderate confidence" to a financially motivated threat actor dubbed FIN7, according to researchers from cybersecurity firm Anomali. "The specified targeting of the Clearmind domain fits well with FIN7's preferred modus operandi," Anomali Threat Research  said  in a technical analysis published on September 2. "The group's goal appears to have been to deliver a variation of a JavaScript backdoor used by FIN7 since at least 2018." An Eastern European group active since at least mid-2015, FIN7 has a checkered history of targeting restaurant, gambling, and hospitality industries in th...
Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

Aug 12, 2021
A day after releasing  Patch Tuesday updates , Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as  CVE-2021-36958  (CVSS score: 7.3), the unpatched flaw is the latest to join a  list  of  bugs  collectively known as  PrintNightmare  that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw,  said  the issue was disclosed to Microsoft in December 2020. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for  CVE-2021-34481 . "An attacker who successfully exploited this vulnerability could run arbitrary code with S...
Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Jun 30, 2021
A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as  CVE-2021-1675 , the security issue could grant remote attackers full control of vulnerable systems.  Print Spooler  manages the printing process in Windows, including loading the appropriate printer drivers and scheduling the print job for printing, among others. Print Spooler flaws are concerning, not least because of the wide attack surface, but also owing to the fact that it runs at the highest privilege level and is capable of dynamically loading third-party binaries. The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021. But almost two weeks later, Microsoft revised the flaw's impact from an elevation of privilege to remote code execution (RCE) as well as upgraded the severity level from Im...
Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Mar 10, 2021
Microsoft plugged as many as  89 security flaws  as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly known, while five others have been reported as under active attack at the time of release. Among those five security issues are a clutch of vulnerabilities known as  ProxyLogon  (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access. But in the wake of Exchange servers coming under  indiscriminate assault  toward the end of February by multiple threat groups ...
Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws

Dec 09, 2020
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final  Patch Tuesday of 2020 , effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere. Fortunately, none of these flaws this month have been reported as publicly known or being actively exploited in the wild. The fixes for December concern a number of remote code execution (RCE) flaws in Microsoft Exchange (CVE-2020-17132), SharePoint (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a patch for a security feature bypass in Kerberos (CVE-2020-16...
Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?

Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?

Jan 07, 2020
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day. Cynet 360 autonomous breach protection is a good example of a multilayered advanced protection solution that can enable organizations who run Windows 7 to remain secure despite the end of support ( to learn more click here ). Let's dig a bit deeper to understand the risk. The reality is that all software contains bugs. Ideally, these bugs are discovered during the development process. In practice, many of them surface only following the product release in the course of their interactions with real users. Bugs that can be exploited for malicious purposes are called vulnerabilities. Microsoft conducts rigorous and ongoing research ...
Hacker Discloses New Windows Zero-Day Exploit On Twitter

Hacker Discloses New Windows Zero-Day Exploit On Twitter

Oct 24, 2018
A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege escalation flaw residing in Microsoft Data Sharing (dssvc.dll). The Data Sharing Service is a local service that runs as LocalSystem account with extensive privileges and provides data brokering between applications. The flaw could allow a low-privileged attacker to elevate their privileges on a target system, though the PoC exploit code (deletebug.exe) released by the researcher only allows a low privileged user to delete critical system files—that otherwise would only be possible via admin level privileges. "Not the same bug I posted a while back, this doesn't write garbage to files...
Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

Oct 09, 2018
Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products. This month's security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server. Out of 49 flaws patched this month, 12 are rated as critical, 35 are rated as important, one moderate, and one is low in severity. Three of these vulnerabilities patched by the tech giant are listed as "publicly known" at the time of release, and one flaw is reported as being actively exploited in the wild. Windows Update Patches An Important Flaw Under Active Attack According to the Microsoft advisory , an undisclosed group of attackers is actively exploiting an important elevation of privilege vulnerability (CVE-2018-8453) in Microsoft Windows operating system to take full control over the targete...
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

Jul 12, 2017
As part of this month's Patch Tuesday , Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007. Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain. NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems. Although NTLM was replaced by Kerberos in Windows 2000 that adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be used widely. The first vulnerability involves unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second impact Remote Desktop Protocol (RDP) Restricted-Admin mode. L...
Microsoft Brings Ubuntu, Suse, and Fedora Linux to Windows Store

Microsoft Brings Ubuntu, Suse, and Fedora Linux to Windows Store

May 12, 2017
Microsoft has been expressing its love for Linux and Open Source for almost three years now, and this love is embracing as time passes. Just last year, Microsoft made headlines by building support for the Bash shell and Ubuntu Linux binaries into Windows 10, allowing users to run limited instances of Linux directly on top of the OS without installing any virtual machine, as well as developers to run command-line tools while building apps. Now, Microsoft has announced at its Build developer conference in Seattle that three different flavors of the free Linux operating system are coming to the company's app store, so its users can run Windows and Linux apps side-by-side. Yes, it's no joke. Three versions of Linux distributions – Ubuntu, Fedora, and SUSE – are coming to the Windows Store. Now, you'll soon be able to install these Linux operating systems on your Windows device just like any other app. While Ubuntu is already available on the Windows Store for a...
Android Beats Windows to Become World's Most Popular Operating System

Android Beats Windows to Become World's Most Popular Operating System

Apr 03, 2017
It's an impressive milestone for Google — For the first time in decades, Android has been crowned as the world's most popular operating system in terms of Internet usage, knocking Microsoft Windows off the top spot. According to a new report from web traffic analytics firm StatCounter, Google's Android is the most popular operating system worldwide in terms of total internet usage across desktop, laptop, tablet, and mobile combined. Looking at overall internet usage, Android represented 37.93 percent of the global OS Internet usage market share in March, while Windows accounted for 37.91 percent. Although Windows is still not far behind, Android taking the lead is being described by StatCounter CEO Aodhan Cullen as a "milestone in technology history." This achievement is due to the fact that mobile devices are used to connect to the Internet far more frequently than desktops and laptops, and people are spending more time on smartphones surfing the Inter...
Expert Insights / Articles Videos
Cybersecurity Resources