windows
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution. Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as “an […]
Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix
Microsoft has lifted an upgrade block that prevented Asphalt 8: Airborne players from upgrading their systems to Windows 11 24H2 due to compatibility issues. According to its Microsoft Store entry, the game has over 322,000 ratings and 470 million players across all supported platforms. As the company explained when it first acknowledged this known issue in October, the game was […]
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. However, as security researchers Peter Girnus and Aliakbar Zahravi with Trend Micro’s Zero Day Initiative (ZDI) reported today, Microsoft tagged it as “not meeting the […]
Microsoft: March Windows updates mistakenly uninstall Copilot
Microsoft says the March 2025 Windows cumulative updates automatically and mistakenly remove the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. The warning was added to updated support documents days after Redmond released this month’s Patch Tuesday security updates. As Microsoft explains, the update applies to all users who install the KB5053598 (Windows […]
Microsoft says button to restore classic Outlook is broken
Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the “Go to classic Outlook” button, which should help them switch back to the classic Outlook. “Some users have reported that the ‘go back to classic Outlook’ button in new Outlook for Windows does not open a […]
Microsoft patches Windows Kernel zero-day exploited since 2023
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. Fixed in Windows security updates released during this month’s Patch Tuesday, the security flaw is now tracked as CVE-2025-24983 and was reported to Microsoft by ESET researcher Filip Jurčacko. The vulnerability is […]
Microsoft: Recent Windows updates make USB printers print random text
Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025. The known issue affects Windows 10 (version 22H2) and Windows 11 (versions 22H2 and 23H2), but according to an update to the Windows release health dashboard, the latest Windows 11 24H2 is not impacted. “After […]
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft’s March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: The above numbers do not include Mariner flaws and 10 Microsoft Edge vulnerabilities […]
Microsoft replacing Remote Desktop app with Windows App in May
Microsoft announced that it will drop support for the Remote Desktop app (available via the Microsoft Store) on May 27 and replace it with its new Windows App. “Connections to Windows 365, Azure Virtual Desktop, and Microsoft Dev Box via the Remote Desktop app from the Microsoft Store will be blocked after May 27, 202,” Microsoft said. “To […]
Critical PHP RCE vulnerability mass exploited in new attacks
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to […]