October 10, 2023 at 02:36PM Microsoft released a large batch of software and OS updates to address over 100 vulnerabilities across Windows systems. They warned that three of these vulnerabilities are already being exploited. The updates also targeted a zero-day vulnerability in HTTP/2 Rapid Reset that exposed the internet to DDoS attacks. Two other zero-day … Read more
October 10, 2023 at 06:06PM Microsoft’s October Patch Tuesday update addressed two zero-day vulnerabilities that were actively being attacked, affecting Microsoft WordPad and Skype for Business. A critical-rated bug in Message Queuing was also patched. The update included a total of 103 CVEs, with 13 critical-rated vulnerabilities and 20% of the fixes related to Microsoft … Read more
October 10, 2023 at 05:55PM Microsoft has issued a warning to customers about incorrect BitLocker drive encryption errors in certain managed Windows environments. The issue only affects client platforms like Windows 11 21H2/22H2 and Windows 10 21H2/22H2, as well as Windows 10 Enterprise LTSC 2019. It specifically impacts environments where drive encryption is enforced for … Read more
October 10, 2023 at 12:46PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will be available as an on-demand feature before being removed from the operating system. This move is likely due to the discontinuation of Internet Explorer and is part of Microsoft’s strategy to mitigate malware … Read more
October 10, 2023 at 12:38PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will become an on-demand feature until it is completely removed from the operating system. This decision is likely related to the discontinuation of Internet Explorer, which eliminates a major infection vector for malware. Microsoft … Read more
October 10, 2023 at 09:54AM A new zero-day vulnerability called ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch massive distributed denial-of-service (DDoS) attacks. Cloudflare, Google, and AWS have all experienced record-breaking attacks, with the largest reaching 398 million requests per second. The attacks leverage a feature in the HTTP/2 protocol and have … Read more
October 10, 2023 at 09:00AM Google has announced that all users can now set up passkeys by default, allowing for passwordless logins. Passkeys use public-key cryptography to authenticate users’ access to websites and apps, eliminating the need for usernames and passwords. This adds convenience and enhances security, as passkeys are phishing-resistant. Microsoft, eBay, and Uber … Read more