Sofia Elizabella Wyciślik-Wilson

Whenever Microsoft releases updates for Windows, the company is always keen for as many people as possible to get the patch installed. But with this month's Patch Tuesday bug fixes, the company is encouraging Windows users even more than usual.

Referring to two Critical security issues and one Important one, all affecting TCP/IP, Microsoft says that "it is essential that customers apply Windows updates to address these vulnerabilities as soon as possible". The CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094 vulnerabilities affect Windows 7 upwards.

Continue reading →

This Patch Tuesday -- the second Tuesday of February, yesterday -- Microsoft released fixes for a slew of Windows 10 flaws. Included among a total of 56 vulnerabilities is a critical zero-day which was being actively exploited to gain admin privileges on victims' systems.

But the fix for CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability) is just one of 11 fixes for critical bugs this month. In addition, Microsoft has fixed two Moderate vulnerabilities, as well as 43 that are marked as Important.

Continue reading →

Raspberry Pi owners are being warned that the officially supported Raspberry Pi OS installs a Microsoft repo without notification.

A recent update to the Debian Linux-based operating system -- previously known as Raspbian -- secretly installs a Microsoft apt repository that can call home to the company's servers. For anyone concerned about telemetry in general, or who is trying to avoid contact with the Windows maker, this is clearly not good news and raises questions about trust.

Continue reading →

A few weeks ago, we wrote about a bug in Windows 10 which could lead to an NTFS drive being formatted simply by opening a folder. The issue affects the $i30 NTFS attribute, and it can be triggered in Explorer as well as web browsers.

Now Mozilla has released a key update to Firefox which prevents it from activating the bug. To be protected, you need to be running at least Firefox 85.0.1.

Continue reading →

Microsoft has acknowledged that two recent updates for Windows 10 are causing problems for users. People who have installed KB4598299 and KB4598301 are reporting BSoDs as well as app crashes.

The two updates (released Windows 10 versions 1909, 2004 and 20H2) were supposed to address issues in .NET Framework 3.5 and 4.8, but they have -- as is increasingly common with Windows updates -- introduced new problems of their own.

Continue reading →

It is only a few days since Microsoft released PowerToys 0.31.1, but there is already a new version for you to install.

While there are no major changes in the latest release of the utility suite, does include important bug fixes. Microsoft detected issues with the FancyZones PowerToy, and deemed them significant enough to push out this patch release.

Continue reading →

Since adopting the Chromium engine, Microsoft Edge has come on in leaps and bounds. Much like Internet Explorer before it, the original version of the browser was much maligned, and now the time has come to retire it.

For some time, Microsoft has been trying to encourage hangers-on to migrate to the Chromium-based version of Edge, and now it's time for drastic action. In an upcoming update to Windows 10, the company is getting rid of legacy Edge once and for all.

Continue reading →

Microsoft has set out its plans for WinUI 3.0 which is due to ship later this year. Described as the "modern native UI platform of Windows", WinUI is the C++-based library of controls and Fluent styles that empowers developers to create a new breed of apps.

The company has shared details of the roadmap for WinUI, explaining how version 3.0 will expand into a full UX framework. It is part of Project Reunion which sees Microsoft bringing together a unified set of tools and APIs to make it easy to develop apps for different Windows 10 devices.

Continue reading →

A serious security vulnerability has been discovered in Chrome, forcing Google to push out an emergency update to the browser. Affecting the Windows, Mac and Linux versions of Chrome, the high severity vulnerability is being tracked as CVE-2021-21148.

Described as a "heap buffer overflow in V8", it is being actively exploited in the wild, although few details of the exploit are available. Because of the severity of the vulnerability, Google has released a fix and is urging everyone to install it.

Continue reading →

Microsoft has changed the status of both Windows 10 version 2004 and version 1909, marking them as being ready for "broad deployment".

In the case of Windows 10 version 1909 (or Windows 10 November 2019 Update), the company says it is "designated ready for broad deployment for all users via Windows Update". For Windows 10 version 2004 (aka Windows 10 May 2020 Update), however, the status has been updated to indicate that it is merely "designated for broad deployment". And there is a reason for the difference between the two.

Continue reading →

We recently wrote about a serious vulnerability in the sudo tool which could be used to gain root access to Linux systems. Now a security researcher has found that the security flaw also affects macOS Big Sur -- including on new M1 Macs.

The Baron Samedit vulnerability -- or CVE-2021-3156 -- is a heap-based buffer overflow bug that was discovered by cybersecurity firm Qualys. While it was initially thought to only affect Linux systems, researcher Matthew Hickey (who also goes by the name Hacker Fantastic) found that macOS is also vulnerable with only very minor changes needed to the original exploit.

Continue reading →

Microsoft has released a new update for Windows 10, addressing various issues that have plagued users.

Although the KB4598291 update is an optional one, it fixes so many problems that many people are going to want to get it installed straight away. This particular update is only available for Windows 10 May 2020 Update (version 2004) and Windows 10 October 2020 Update (20H2).

Continue reading →

Microsoft has released a new version of its PowerToys utilities collection for Windows 10, bringing improvements to FancyZones and PowerToys Run. The latest update also includes numerous bug fixes.

Included among the new arrivals in PowerToys 0.31.1 are a new dark mode option and an enhanced interface for FancyZones.

Continue reading →

A trojanized version of OpenSSH software is being used to steal SSH credentials from high performance computing (HPC) clusters, reports security firm ESET. The Linux malware has been dubbed Kobalos, and is described as "small, yet complex" and "tricksy".

Despite its diminutive size, the Kobalos backdoor is hitting some major targets including government systems in the US, universities in Europe, and a major ISP in Asia. Security experts report that while the multiplatform backdoor works on Linux, FreeBSD and Solaris, "there are also artifacts indicating that variants of this malware may exist for AIX and even Windows".

Continue reading →

The next big update for Windows 10 is going to be Windows 10 21H1 -- although it should also have a slightly snappier name when it is released. But while previous xxH1 updates have reached users in May, this year it is looking like it could be a little later than expected.

Although Microsoft has said little official about the Windows 10 21H1 release, a developer writing on the Chromium Gerrit appears to have let something slip.

Continue reading →