January 9, 2024 at 02:11PM Microsoft’s January 2024 Patch Tuesday addresses 49 flaws and 12 remote code execution vulnerabilities. Notably, a Windows Kerberos Security Feature Bypass and a Hyper-V RCE were classified as critical. Microsoft also addressed an Office Remote Code Execution Vulnerability and other flaws. Other vendors released updates, including .NET, Azure, Microsoft Edge, … Read more
January 2, 2024 at 10:36AM Security Joes discovered a new DLL search order hijacking technique allowing adversaries to execute malicious code in Windows’ WinSxS folder. The technique abuses applications’ search order, leading to the loading of a malicious DLL before the legitimate library. Attackers can inject unauthorized code into trusted processes, effectively bypassing security tools. … Read more
January 1, 2024 at 09:18AM Security researchers have uncovered a new DLL search order hijacking technique that allows threat actors to execute malicious code on Windows 10 and 11. By leveraging trusted WinSxS folder executables, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely … Read more
December 28, 2023 at 02:05PM Microsoft disabled the MSIX ms-appinstaller protocol handler due to multiple financially motivated threat groups exploiting it to infect Windows users with malware. The attackers used the CVE-2021-43890 vulnerability to bypass security measures and distribute malware. Microsoft recommends installing the patched App Installer version 1.21.3421.0 or later and advised disabling the … Read more
December 22, 2023 at 03:14PM Attackers have exploited five vulnerabilities, including four zero-days, in a sensitive Windows kernel-level driver, exposing a systemic issue in Windows CLFS. The high-performance logging system, favored by hackers for low-level system privileges, suffers from design flaws, leading to a series of easily exploited bugs. Without redesign, it poses ongoing security … Read more
December 13, 2023 at 01:48AM Microsoft’s final 2023 Patch Tuesday update addressed 33 flaws, with 4 rated Critical and 29 rated Important. This year, they’ve patched over 900 flaws, including vulnerabilities like remote code execution and information disclosure. Akamai also discovered attacks against Active Directory domains using Microsoft DHCP servers, prompting recommendations from Microsoft. Other … Read more
November 27, 2023 at 04:02PM Microsoft is deprecating Defender Application Guard for Office and Windows Security Isolation APIs. They recommend using Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as alternatives. Application Guard for Office is a security feature that restricts files downloaded from untrusted sources, protecting against malware … Read more
November 21, 2023 at 04:32PM A proof-of-concept exploit (PoC) has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit involves tricking users into clicking on a malicious internet shortcut or link. The vulnerability affects various Windows … Read more
October 31, 2023 at 04:13PM Software developer Simon Dankelmann has created an Android app called ‘Bluetooth-LE-Spam’ that can generate Bluetooth Low Energy (BLE) spam alerts on Android and Windows devices. The app can simulate various devices and send frequent connection requests, potentially disrupting Bluetooth-connected devices like mice and keyboards. While the app is currently in … Read more