windows
Microsoft retires Windows updates causing 0x80070643 errors
Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. Redmond first acknowledged this known issue in January, days after widespread reports from Windows users of 0x80070643 errors. The company released the problematic KB5034441 (Windows 10 21H2/22H2), KB5034440 (Windows 11 21H2), and KB5034439 (Windows Server 2022) updates to […]
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab’s XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows […]
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and […]
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of […]
Microsoft is killing the Windows Paint 3D app after 8 years
Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. The 3D graphics program was first unveiled as a replacement for the Paint application eight years ago, in November 2016, with the release of Windows 10 Insider Build 14971. The company advises users to switch to […]
Windows Update downgrade attack “unpatches” fully-updated systems
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Microsoft issued advisories on the two unpatched zero-days (tracked as CVE-2024-38202 and CVE-2024-21302) in coordination with the Black Hat talk, […]
Windows Smart App Control, SmartScreen bypass exploited since 2018
A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. Smart App Control is a reputation-based security feature that uses Microsoft’s app intelligence services for safety predictions and Windows’ code integrity features to identify and block untrusted (unsigned) […]
Google Chrome bug breaks drag and drop from Downloads bubble
A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. Google Chrome’s downloads menu originally appeared in a bar at the bottom of the browser, but this changed last year when it was replaced […]
New Specula tool uses Outlook for remote code execution in Windows
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017. “In […]
Windows 11 taskbar has a hidden “End Task” feature, how to turn it on
Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar, but it’s turned off by default. How It Works When the “End Task” feature is enabled, you can right-click on an app icon in the taskbar and see an “End Task” option. When you select this option, […]