microsoft
Microsoft confirms August updates break Linux boot in dual-boot systems
Microsoft has confirmed the August 2024 Windows security updates are causing Linux booting issues on dual-boot systems with Secure Boot enabled. The issue is caused by a Secure Boot Advanced Targeting (SBAT) update applied to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability. “Resulting from this issue, your device might fail to boot […]
Hackers use PHP exploit to backdoor Windows systems with new malware
Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university’s Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). CVE-2024-4577 is a critical PHP-CGI argument injection flaw patched in June that impacts PHP installations running on Windows systems with PHP running in CGI mode. It allows unauthenticated attackers […]
Windows 11 preview update adds new Power mode options
Windows 11 Build 27686 has a few noteworthy improvements, such as 2TB support for FAT32 storage. It also improves Windows Sandbox and offers greater control over HDR settings, but there’s an undocumented change – the ability to set power mode for different power states. As shown in the screenshot below, Windows 11 will finally let you set different power modes […]
Windows 11 will give you greater control over HDR features
Microsoft has released Windows 11 Build 27686 with some hidden HDR-related changes. As noticed by Phantom on X, one of the hidden features is the ability to “allow HDR video streaming even when HDR is off.” As the name suggests, this basically allows you to stream HDR content without enabling HDR for the entire system. Additionally, the “HDR video […]
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can let attackers bypass the BitLocker Device Encryption feature and access encrypted data with physical access to the targeted […]
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and […]
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of […]
Microsoft is killing the Windows Paint 3D app after 8 years
Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. The 3D graphics program was first unveiled as a replacement for the Paint application eight years ago, in November 2016, with the release of Windows 10 Insider Build 14971. The company advises users to switch to […]
Microsoft discloses unpatched Office flaw that exposes NTLM hashes
Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information. It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and […]
Microsoft 365 anti-phishing feature can be bypassed with CSS
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who discovered […]