Apply those updates now: CVE bypass offers up admin privileges for Windows 10

Credit to Author: Malwarebytes Labs| Date: Tue, 01 Feb 2022 11:07:29 +0000

A CVE bypass offers up the possibility of admin privileges on Windows 10 machines. Find out what’s happened, and how you can avoid it.

Categories: Malwarebytes news

Tags:

(Read more…)

The post Apply those updates now: CVE bypass offers up admin privileges for Windows 10 appeared first on Malwarebytes Labs.

Read more

How to keep your apps up to date in Windows 10 and 11

Credit to Author: Ed Tittel| Date: Wed, 19 Jan 2022 03:00:00 -0800

Look around a typical Windows desktop. Whether it’s running Windows 10 or 11, chances are that it’s running at least a couple of dozen Windows applications (.exe files), and at least four dozen Microsoft Store apps. On my local fleet of 10 PCs, the range for applications is from a low of 24 to a high of 120; for Store apps, it ranges from 49 to 81. Such numbers are quite typical, if my online research is at all accurate.

In general, it’s considered good security practice to keep apps and applications up-to-date. Why? Because many updates involve security patches and fixes that block potential attacks and prevent unauthorized and unwanted access to applications and their data (and sometimes, the host OS and the PCs they run on). In this story, I will offer some tools to help you streamline this process, along with some instructions on how to put them to work to help you keep your apps and applications current and safe.

To read this article in full, please click here

Read more

20 years after Gates’ call for trustworthy computing, we’re still not there

Credit to Author: Susan Bradley| Date: Mon, 17 Jan 2022 03:42:00 -0800

Do you feel more secure? Is your computing experience more trustworthy these days?

Seriously — you’re reading this article on a computer or phone, connecting to this site on an internet shared with your Grandma as well as Russian hackers, North Korean attackers, and lots of teenagers  looking at TikTok videos. It’s been 20 years since then-Microsoft CEO Bill Gates wrote his Trustworthy Computing memo where he emphasized security in the company’s products.

So are we actually more secure now?

I’m going to keep in mind the side effects from last week’s Patch Tuesday security updates and consider them in my answer. First, the good news: I don’t see major side effects occurring on PCs not connected to active directory domains (and I haven’t seen any showstoppers in testing my hardware at home). I can still print to my local HP and Brother printers. I can surf and access files. So, while I’m not ready yet to give an all-clear to install the January updates, when I do, I doubt you’ll see side effects.

To read this article in full, please click here

Read more

Patch Tuesday gets off to a busy start for January

Credit to Author: Greg Lambert| Date: Fri, 14 Jan 2022 12:10:00 -0800

For this week’s Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them as zero-days. Microsoft has fixed a lot of security related issues and is aware of several known issues that may have inadvertently caused significant server issues including:

  • Hyper-V, which no longer starts with the message, “Virtual machine xxx could not be started because the hypervisor is not running.”
  • ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
  • And Windows domain controller boot loops.

There are a variety of known issues this month, and I’m not sure whether we’ll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.

To read this article in full, please click here

Read more

Windows security in ’22 — you need more than just antivirus software

Credit to Author: Susan Bradley| Date: Mon, 10 Jan 2022 06:10:00 -0800

Do you need antivirus in 2022 — especially when some options now come with a cryptominer built in?

Several antivirus vendors — some options free, others, paid — have begun bundling their antivirus products with software that generates virtual currency. Of all of the requirements for antivirus, using excess cycles on your computer to generate crypto-coins is not on my list of must-haves.

Recently, Krebs on Security noted that both Norton Antivirus and Avira have told users that versions of their respective software now include a cryptominer. While it’s not enabled by default, it still gives me pause; antivirus is supposed to protect us from such potentially unwanted software, and these two vendors are now including it in their wares.

To read this article in full, please click here

Read more

How to manually update Microsoft Defender

Credit to Author: Ed Tittel| Date: Tue, 04 Jan 2022 03:00:00 -0800

Microsoft Defender is the built-in anti-malware package that’s included with modern Windows operating systems. It’s alternatively known as Windows Security (it shows up under Settings as Windows Security) or Windows Defender (sometimes with Antivirus at the end of the name, as in this Microsoft Docs page). But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

To read this article in full, please click here

(Insider Story)

Read more

Patch Tuesday, January 2020 Edition

Credit to Author: BrianKrebs| Date: Wed, 15 Jan 2020 02:31:50 +0000

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

Read more

Going in-depth on the Windows 10 random number generation infrastructure

Credit to Author: Eric Avena| Date: Mon, 25 Nov 2019 19:00:33 +0000

We are happy to release to the public The Windows 10 random number generation infrastructure white paper, which provides details about the Windows 10 pseudo-random number generator (PRNG) infrastructure, and lists the primary RNG APIs. The whitepaper also explains how the entropy system works, what the entropy sources are, and how initial seeding works.

The post Going in-depth on the Windows 10 random number generation infrastructure appeared first on Microsoft Security.

Read more