Articles about Windows security

The Recall feature of Windows 11 has not even launched yet, but it has proved endlessly controversial since it was first announced a few months back. Microsoft says that Recall will help users retrace their steps by taking snapshots of activity every few seconds, providing a way to step back in time and jump to an earlier activity.

Such was the uproar about the security and privacy implications of the feature, Microsoft has already made concessions. The company first pulled the feature from preview builds of Windows 11 to do further work on it, and then announced that it would be opt-in rather than enabled by default. Now it turns out that it will be possible to uninstall it completely.

Continue reading →

Smart App Control is just one of various security features Microsoft has built into Windows 11. But while many users place faith in the tool to block malicious apps, Elastic Security Labs warns that it is fundamentally flawed.

The company says that Windows Smart App Control and its predecessor SmartScreen "have several design weaknesses that allow attackers to gain initial access with no security warnings or popups". In an investigatory report, Elastic Security Labs details numerous types of attack that can be used to bypass Windows Smart Control as well as revealing a bug in the handling of .lnk files which can be used to get around security.

Continue reading →

Microsoft is responding proactively to user feedback on its upcoming Recall feature for Windows 11 Copilot+ PCs, enhancing privacy controls ahead of its release. This move comes as part of an ongoing effort to balance powerful AI functionalities with user privacy and security, a critical focus as the tech giant pushes forward with innovative new features designed to redefine personal computing.

Introduced on May 20, the Recall feature aims to transform the way users interact with their PCs by enabling them to retrieve previously viewed content through an AI-powered visual timeline. This system captures and encrypts snapshots of the user's screen, storing them locally to maintain privacy. Users can manage, pause, or delete these snapshots at their discretion, ensuring control over their digital footprint.

Continue reading →

Passwords are a blessing and a curse, serving to secure files, devices and more, while simultaneously being burdensome and, to some extent, offering a false sense of security. With the update that is rolling out to Windows 11, Microsoft is fully embracing the passwordless future the company so desires.

Microsoft points out that passwords are nowhere near as secure as people might think, citing the statistic of 4,000 password attacks every second as proof. The Windows 11 update introduces greater password free security thanks to Windows Hello and wider support for passkeys.

Continue reading →

In just a week's time, Microsoft will cease offering even critical security updates for both Windows 7 and Windows 8.x.

We wrote about Windows 7 Extended Security Update (ESU) coming to an end, and the termination of support for Windows 8.x just last month, but with a large number of people and businesses still unwilling -- or unable -- to move on from these aging operating systems it is a warning that bears repeating.

Continue reading →

We have already written about some of the security patches issued by Microsoft this month, but the company has released a very large number of fixes in total. Included among the fixes is a patch for a security issue deemed so serious that Microsoft has even released a fix for Windows 7, despite security support for the operating system having ended at the beginning of last year.

The vulnerability is tracked as CVE-2022-37969, and is a described as a "Windows Common Log File System Driver Elevation of Privilege Vulnerability".

Continue reading →

A worrying security flaw has been discovered in Razer Synapse software which can be exploited to gain administrator privileges in Windows 10. What is particularly concerning about this vulnerability -- aside from the fact that there is no patch available yet -- is that exploitation is possible by simply plugging in a Razer mouse, keyboard or dongle.

Pretty much the only thing that isn't disturbing about this security hole is that it is a local privilege escalation (LPE) vulnerability, meaning an attacker would need physical access to a system to exploit it. Nonetheless, the zero-day can be taken advantage of by anyone splashing out a few bucks on a cheap Razer peripheral.

Continue reading →