#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

windows security | Breaking Cybersecurity News | The Hacker News

Microsoft Patch Tuesday — January 2019 Security Updates Released

Microsoft Patch Tuesday — January 2019 Security Updates Released
Jan 09, 2019
Microsoft has issued its first Patch Tuesday for this year to address 49 CVE-listed security vulnerabilities in its Windows operating systems and other products, 7 of which are rated critical, 40 important and 2 moderate in severity. Just one of the security vulnerabilities patched by the tech giant this month has been reported as being publicly known at the time of release, and none are being actively exploited in the wild. All the seven critical-rated vulnerabilities lead to remote code execution and primarily impact various versions of Windows 10 and Server editions. Two of the 7 critical flaws affect Microsoft's Hyper-V host OS that fails to properly validate input from an authenticated user on a guest operating system, three affect the ChakraCore scripting engine that fails to properly handle objects in memory in Edge, one affects Edge directly that occurs when the browser improperly handles objects in memory, and one impacts the Windows DHCP client that fails to pro

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack
Aug 14, 2018
Get your update caps on. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical. The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio. Two of these vulnerabilities patched by the tech giant is listed as publicly known and being exploited in the wild at the time of release. According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully. Besides this, Microsoft has also addressed 39 important flaws, one moderate and one low in severity. Here below we have listed brief details of a few critical and publically exploited important vulnerabilities: Internet Explorer Memory Co

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates

Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates
Jun 12, 2018
It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity. Only one of these vulnerabilities, a remote code execution flaw ( CVE-2018-8267 ) in the scripting engine, is listed as being publicly known at the time of release. However, none of the flaws are listed as under active attack. Discovered by security researcher Dmitri Kaslov, the publicly known vulnerability is a remote memory-corruption issue affecting Microsoft Internet Explorer. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user. Microsoft has also addressed an important vulnera

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure
Mar 29, 2018
Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory. For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft. Shortly after the researchers disclosed the Spectre and Meltdown exploits , software vendors, including Microsoft, started releasing patches for their systems running a vulnerable version of processors. However, an independent Swedish security researcher Ulf Frisk found that Microsoft's security fixes to Windows 7 PCs for the Meltdown flaw—which could allow attackers to read kernel memory at a speed of 120 KBps—is now allowing attackers to read the same kernel memory at a speed of Gbps, making the issue even wo

Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities

Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities
Nov 15, 2017
It's Patch Tuesday—time to update your Windows devices. Microsoft has released a large batch of security updates as part of its November Patch Tuesday in order to fix a total of 53 new security vulnerabilities in various Windows products, 19 of which rated as critical, 31 important and 3 moderate. The vulnerabilities impact the Windows OS, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, .NET Core, and more. At least four of these vulnerabilities that the tech giant has now fixed have public exploits, allowing attackers to exploit them easily. But fortunately, none of the four are being used in the wild, according to Gill Langston at security firm Qualys . The four vulnerabilities with public exploits identified by Microsoft as CVE-2017-8700 (an information disclosure flaw in ASP.NET Core), CVE-2017-11827 (Microsoft browsers remote code execution), CVE-2017-11848 (Internet Explorer information disclosure) and CVE-2017-11883 (denial of ser

Unpatched Windows Kernel Bug Could Help Malware Hinder Detection

Unpatched Windows Kernel Bug Could Help Malware Hinder Detection
Sep 18, 2017
A 17-year-old programming error has been discovered in Microsoft's Windows kernel that could prevent some security software from detecting malware at runtime when loaded into system memory. The security issue, described by enSilo security researcher Omri Misgav, resides in the kernel routine "PsSetLoadImageNotifyRoutine," which apparently impacts all versions of Windows operating systems since Windows 2000. Windows has a built-in API, called PsSetLoadImageNotifyRoutine, that helps programs monitor if any new module has been loaded into memory. Once registered, the program receives notification each time a module is loaded into memory. This notification includes the path to the module on disk. However, Misgav found that due to "caching behaviour, along with the way the file-system driver maintains the file name and a severe coding error," the function doesn't always return the correct path of the loaded modules. What's bad? It seems like Micro

Microsoft Is Paying Up To $250,000 With Its New Bug Bounty Program

 Microsoft Is Paying Up To $250,000 With Its New Bug Bounty Program
Jul 26, 2017
Microsoft has finally launched a new dedicated bug bounty program to encourage security researchers and bug hunters for finding and responsibly reporting vulnerabilities in its latest Windows versions of operating systems and software. Being the favourite target of hackers and cyber criminals, every single zero-day vulnerability in Windows OS—from critical remote code execution, mitigation bypass and elevation of privilege to design flaws—could cause a crisis like recent WannaCry and Petya Ransomware attacks. In past five years the tech giant has launched multiple time-limited bug bounty programs focused on various Windows features, and after seeing quite a bit of success, Microsoft has decided to continue. "Security is always changing, and we prioritise different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities." With its latest bu

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program
Jun 20, 2017
It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017. So you may not have to separately download and install EMET in the upcoming version of the Windows 10. If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security. EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities. " EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software ," Microsoft site reads. Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities,

First-Ever Data Stealing Malware Found Using Intel AMT Tool to Bypass Firewall

First-Ever Data Stealing Malware Found Using Intel AMT Tool to Bypass Firewall
Jun 09, 2017
It's not hard for a well-funded state-sponsored hacking group to break into corporate networks and compromise systems with malware, but what's challenging for them is to keep that backdoor and its communication undetectable from a firewall and other network monitoring applications. However, a cyber-espionage group known as " Platinum ," that is actively targeting governmental organisations, defense institutes, and telecommunication providers since at least 2009, has found a way to hide its malicious activities from host-based protection mechanisms. Microsoft has recently discovered that the cyber-espionage group is now leveraging Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) channel as a file-transfer tool to steal data from the targeted computers without detection. Intel-based chip sets come with an embedded technology, called AMT, which is designed to allow IT administrators to remotely manage and repair PCs, workstations, and serve

Kaspersky Accuses Microsoft of Unfairly Disabling its Antivirus in Windows 10

Kaspersky Accuses Microsoft of Unfairly Disabling its Antivirus in Windows 10
Jun 07, 2017
Russian antivirus vendor Kaspersky Lab is so upset with US software giant Microsoft that the security firm has filed more antitrust complaints against the company. The antivirus firm initially filed a lawsuit late last year against Microsoft with Russian Federal Anti-monopoly Service (FAS) over alleged abuse of Microsoft's dominant position in the desktop market to push its own antivirus software with Windows 10 and unfair competition in the market. Microsoft ships Windows 10 with its own security software Windows Defender, which comes enabled it by default with the operating system. While Microsoft has made some changes in Windows Defender since the initial complaint, Kaspersky Lab is not satisfied with the changes, filing more antitrust complaints against the software giant, this time with the European Commission and the German Federal Cartel Office. Kaspersky Accuses Microsoft of Unfair Competitive Practices The antivirus firm told European antitrust regulators that Mi

Microsoft Issues Patches for Actively Exploited Critical Vulnerabilities

Microsoft Issues Patches for Actively Exploited Critical Vulnerabilities
Apr 12, 2017
Besides a previously undisclosed code-execution flaw in Microsoft Word, the tech giant patches two more zero-day vulnerabilities that attackers had been exploiting in the wild for months, as part of this month's Patch Tuesday . In total, Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack. The first vulnerability ( CVE-2017-0199 ) under attack is a remote-code execution flaw that could allow an attacker to remotely take over a fully patched and up to date computer when the victim opens a Word document containing a booby-trapped OLE2link object. The attack can bypass most exploit mitigations developed by Microsoft, and according to Ryan Hanson of security firm Optiv, in some cases, exploits can execute malicious code even when Protected View is enabled. As The Hacker News reported Monday, this code-execution flaw in Microsoft Word was being exploited by hackers to spread a version

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch
Feb 06, 2017
Last weekend a security researcher publically disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months. The zero-day memory corruption flaw resides in the implementation of the SMB (server message block) network file sharing protocol that could allow a remote, unauthenticated attacker to crash systems with denial of service attack, which would then open them to more possible attacks. According to US-CERT, the vulnerability could also be exploited to execute arbitrary code with Windows kernel privileges on vulnerable systems, but this has not been confirmed right now by Microsoft. Without revealing the actual scope of the vulnerability and the kind of threat the exploit poses, Microsoft has just downplayed the severity of the issue, saying: "Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as

MBRFilter — Open Source Tool to Protect Against 'Master Boot Record' Malware

MBRFilter — Open Source Tool to Protect Against 'Master Boot Record' Malware
Oct 20, 2016
Ransomware threat has risen exponentially so much that ransomware authors have started abusing the MBR in their attacks to lock down your entire computer instead of just encrypting your important files on hard drive. Talos team at Cisco Systems has released a free, open-source tool that protects the master boot record (MBR) sector of computers from modification by bootkits, ransomware, and other malicious attacks. Master Boot Record (MBR) is the first sector (512 bytes) on your Hard drive that stores the bootloader, a piece of code that is responsible for booting the current Operating System. Technically, Bootloader is first code that gets executed after system BIOS that tells your computer what to do when it start. An advanced malware program, such as rootkit and bootkit, leverages this process to infect computers by modifying the MBR. A boot malware or bootkits has the ability to install ransomware or other malicious software into your Windows kernel, which is almost i

Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild

Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild
Oct 12, 2016
Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletin, and you are required to apply the whole package of patches altogether, whether you like it or not. That's because the company is kicking off a controversial new all-or-nothing patch model this month by packaging all security updates into a single payload, removing your ability to pick and choose which individual patches to install. October's patch bundle includes fixes for at least 5 separate dangerous zero-day vulnerabilities in Internet Explorer, Edge, Windows and Office products that attackers were already exploiting in the wild before the patch release. The patches for these zero-day flaws are included in MS16-118, MS16-119, MS16-120, MS16-121 and MS16-126. All the zero-days are being exploited in the wild, allowing attackers to execute a remote command on victim's system. Although none of the zero-day flaws were publicly disclosed prior to Tuesday, the company wa

Hackers Selling Unpatched Microsoft Windows Zero-Day Exploit for $90,000

Hackers Selling Unpatched Microsoft Windows Zero-Day Exploit for $90,000
Jun 03, 2016
How much a Windows zero-day exploit that affects all versions of Windows operating system costs on the black market? It's $95,000, at least, for the one recently spotted by security researchers. Researchers from Trustwave's SpiderLabs team have uncovered a zero-day exploit on Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all the way up to a fully patched version of Windows 10. The zero-day exploit for the previously unknown vulnerability in " every version " of Windows is openly sold for $90,000 ( over £62,000 ). The security team originally discovered the zero-day exploit last month when the firm saw its ad on a Russian hacking forum for $95,000. However, the price has now been dropped to $90,000. The zero-day vulnerability in question claims to be a Local Privilege Escalation (LPE) bug in Windows that offers admin access to run malicious code on a victim's PC and is less dangerous th

Windows 10 Blue Screen of Death Gets QR Code

Windows 10 Blue Screen of Death Gets QR Code
Apr 13, 2016
If you are a Microsoft's Windows user, you may have encountered the infamous Blue Screen of Death (BSOD) . The Blue Screen of Death generally appears when Windows encounters any critical error due to software or hardware issues, displaying a sad face and no information other than "Your PC ran into a problem." However, now the company is apparently giving its infamous Blue Screen of Death a makeover. With the Microsoft's Anniversary Update, the company is making the Blue Screen of Death a little helpful for its users. Microsoft is adding QR code to its Blue Screen of Death (BSOD) in Windows 10 that will make it easier for users to identify potential issues with their devices. The new QR codes are featured in the Redmond's latest Windows 10 Preview, Build 14316, which will debut this summer as the Windows 10 Anniversary Update. Must Read:   Step-by-Step Tutorial to Run Ubuntu on latest Windows 10 Preview Build . Now, when your operating

Enable this New Setting to Secure your Computer from Macro-based Malware

Enable this New Setting to Secure your Computer from Macro-based Malware
Mar 31, 2016
Do you deal with MS Word files on the daily basis? If yes, then are you aware that even opening a simple doc file could compromise your system? It is a matter to think that the virus does not directly affect you, but it is you who let the virus carry out the attack by enabling deadly "Macros" to view the doc contents that are generally on eye-catching subjects like bank invoice. How Macros are Crippling your System? The concept of Macros dates back to 1990s. You must be familiar with this message: " Warning: This document contains macros. " A Macro is a series of commands and actions that help to automate some tasks. Microsoft Office programs support Macros written in Visual Basic for Applications (VBA), but they can also be used for malicious activities like installing malware. Hackers are cleverly using this technique on the shade of social engineering by sending the malicious Macros through doc file or spreadsheet with an eye-catching subject in t

How Just Opening an MS Word Doc Can Hijack Every File On Your System

How Just Opening an MS Word Doc Can Hijack Every File On Your System
Feb 19, 2016
If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it. Doing so could cripple your system and could lead to a catastrophic destruction. Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed " Locky ," into their systems. So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom. Locky ransomware is spreading at the rate of 4000 new infections per hour , which means approximately 100,000 new infections per day . Microsoft MACROS are Back It is hard to digest the fact that, in this 2016, even a single MS Word document could compromise your system by enabling ' Macros .' This is where the poin
Cybersecurity Resources