
BREAKING: Microsoft Issues Patches for 2 Windows Zero-Days & 126 Vulnerabilities

This is our daily post that is shared across Twitter & Telegram and published first on here with Kindness & Love ❤️❤️ on My.Daz.blog

#AceNewsRoom With ‘Kindness & Wisdom’ Apr.14, 2022 @acebreakingnews

Ace News Room Cutting Floor 14/04/2022


#AceSecurityDesk – Microsoft’s Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others.

Windows Update
Hackers News

10 of the 128 bugs fixed are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one of the flaws listed as publicly known and another under active attack at the time of the release.

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month.

The actively exploited flaw (CVE-2022-24521, CVSS score: 7.8) relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). Credited with reporting the flaw are the U.S. National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine.

The second publicly-known zero-day flaw (CVE-2022-26904, CVSS score: 7.0) also concerns a case of privilege escalation in the Windows User Profile Service, successful exploitation of which “requires an attacker to win a race condition.”

Other critical flaws to note include a number of remote code execution flaws in RPC Runtime Library (CVE-2022-26809, CVSS score: 9.8), Windows Network File System (CVE-2022-24491 and CVE-2022-24497, CVSS scores: 9.8), Windows Server Service (CVE-2022-24541), Windows SMB (CVE-2022-24500), and Microsoft Dynamics 365 (CVE-2022-23259).

Microsoft also patched as many as 18 flaws in Windows DNS Server, one information disclosure flaw and 17 remote code execution flaws, all of which were reported by security researcher Yuki Chen. Also remediated are 15 privilege escalation flaws in the Windows Print Spooler component.

The patches arrive a week after the tech giant announced plans to make available a feature called AutoPatch in July 2022 that allows enterprises to expedite applying security fixes in a timely fashion while emphasizing scalability and stability.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors to rectify several vulnerabilities, counting —

#AceNewsDesk report … Published: Apr.14: 2022:

Editor says … Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com


WASHINGTON: CISA Report: Windows 10 Deadline To Fix Bug By Feb.18:2022

#AceNewsReport – Feb.08: CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability.

#AceSecurityDesk says CISA has ordered federal agencies to fix an actively exploited Windows bug: Feb. 18 is the deadline to patch a flaw that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit, according to a Threatpost report.

On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating of 7.0 – to its Known Exploited Vulnerabilities Catalog.

February 7, 2022 5:39 pm

The move means that Federal Civilian Executive Branch (FCEB) agencies have until Feb. 18, 2022 to remediate the vulnerability, which affects all unpatched versions of Windows 10.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” CISA said.

Exploitation Likely

CVE-2022-21882 is a privilege-escalation bug in Windows 10 that doesn’t require much in the way of privileges to exploit: a nasty scenario, particularly given that an exploit requires zero user interaction.

It’s been tagged with an “Exploitation More Likely” exploitability index assessment.

Microsoft addressed the bug as part of its January 2022 Patch Tuesday updates: a sprawling set of patches that dealt with 97 security vulnerabilities, of which nine were critical CVEs, including a self-propagator with a 9.8 CVSS score.

January’s Exploding Patch Tuesday

Unfortunately, despite the fact that it was a fat Patch Tuesday stuffed full of critical patches, it was also a fat Patch Tuesday to which many organizations likely developed an allergic reaction.

That’s because, at least for some customers, the updates blew up immediately, breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.

Within two days of the Jan. 11 release, Microsoft had yanked the January Windows Server cumulative updates, rendering them unavailable via Windows Update.

PoC Has Been Out for Weeks

A proof-of-concept (PoC) exploit for CVE-2022-21882, which Microsoft had addressed as part of those January 2022 Patch Tuesday updates, has been available in the wild for a few weeks. The PoC was released by Gil Dabah, founder and CEO of Privacy Piiano, which offers “PII by design.”

As Dabah tweeted on Jan. 28, he found the bug two years ago but decided not to report it at the time, given that Microsoft still owed him money for “other stuff,” as he claimed. Besides which, he wasn’t happy about Microsoft’s shrinking bug bounty awards, which “reduced awards to nothing almost,” Dabah said.

The reason I didn’t disclose it, was because I waited to get paid by Msft for long time for other stuff. By the time they paid they reduced awards to nothing almost. I was already busy with my startup and that’s the story how it went unfixed. @ja_wreck https://t.co/PtRuNDAEYQ

— Gil Dabah (@_arkon) January 28, 2022

On Friday, CISA said that it added the bug to the known exploited vulnerability database based on evidence that threat actors are actively exploiting it. Although CISA’s fix-it deadline only applies to FCEB agencies, CISA’s got sway, and it’s hoping to use it to convince non-federal outfits to patch.

“CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice,” according to its notice.

#AceNewsDesk report …………Published: Feb.08: 2022:


JUST IN: Google is working with the likes of Intel, Acer & HP to let you connect your phone through Fast Pair, share files between Android devices & Windows PCs with Nearby Share, set up Bluetooth accessories and sync text messages between the two computing ecosystems.


#AceNewsReport – Jan.08: These new capabilities will come to select Windows PCs later this year and are part of what Google calls its effort to “invest in more helpful ways for your devices to work better together.”


#AceSocialNewsDesk says that Google brings Android and (some) Windows PCs closer together. Over the course of the last few years, Google and Microsoft have both launched a number of initiatives that brought Android devices and Windows PCs closer together.

Google at it again legalized hacking 💁‍♀️💁‍♀️

That includes Microsoft’s work on its own Android launchers for its Surface phones, but more importantly, apps like Microsoft’s My Phone on Windows that lets you make calls and send text messages from your PC, or the Android subsystem for Windows that lets you run Android apps on Windows 11, though that’s a cooperation with Amazon, not Google.

In the case of the new features the company announced today, Google doesn’t list Microsoft as one of its partners either, so we’re mostly talking about some pre-installed software on new PCs from a small set of manufacturers here, not a new Windows 10 or 11 feature.

#AceNewsDesk report ……….Published: Jan.08: 2021:


JUST IN: Snippets of Telegram News Report: Cortana Would Be Named Bingo if Steve Ballmer Had His Way #AceNewsDesk report

That’s according to former Microsoft product manager Sandeep Paruchuri, who recounted the story of how Microsoft’s AI assistant got its name to writer Alice Newton Rex as part of a deep dive into Cortana’s origins.

While we’ve gotten a pretty good idea of Microsoft’s ambitious vision for the AI assistant in the years since it leaked then launched, Paruchuri and Rex gave the inside story of how Cortana was named, pitched to management, and the clash that happened between dreams and reality. Also included are interesting details about how the assistant became one of the main advertising points for the doomed Windows Phone platform.

#AceNewsDesk reports, [Dec 21, 2021 at 10:07]


SECURITY: Microsoft Passwordless Report: Time to go without all those complicated passwords by using the authentication app with your personal account details #AceNewsDesk report

#AceNewsReport – Sept.19: Microsoft has announced it will be permanently doing away with using passwords to sign in across all of its platforms.

#AceSecurityDesk says Microsoft announces global passwordless sign-in: to go passwordless, users just need to install and link the Microsoft Authenticator app with their personal account, then turn on “passwordless account” in their Advanced Security Options, according to a news.com.au report.

Kindness & Love ❤️ says: but remember not to connect any payment accounts together, as all eggs in one basket is not always a good idea; that way you keep control of YOUR money …

The tech company revealed this week it would be bolstering support for passwordless logins to Microsoft accounts including Outlook, OneDrive and FamilySafety. 

Users would instead be able to use the Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email.

It followed a successful launch of passwordless sign-in for enterprise users in March, with the same to be rolled out globally in the next few weeks. 

“We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either,” Microsoft CVP of identity and management Vasu Jakkal wrote in a company blog post.

Microsoft passwordless sign-ins will be rolled out globally in the coming weeks. Picture: AFP

The switch would make it significantly harder for hackers to log in to people’s devices, Mr Jakkal said.

“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second – that’s 18 billion every year,” he wrote.

“Passwords are incredibly inconvenient to create, remember and manage across all the accounts in our lives.”

Hackers had become almost impossible to outsmart entirely, given the access they often had to techniques like automated password spraying and phishing, Mr Jakkal said. 

“A quick look at someone’s social media can give any hacker a head start on logging into their personal accounts. Once that password and email combination has been compromised, it’s often sold on the dark web for use in any number of attacks,” he said.

#AceNewsDesk report … Published: Sept.19: 2021:
