Tag: windows
-
Microsoft targets 130 vulnerabilities on July Patch Tuesday
Admins will want to focus on issuing corrections for the large number of flaws, some of which require no user interaction, in Windows RRAS and Microsoft Office. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366627292/Microsoft-targets-130-vulnerabilities-on-July-Patch-Tuesday
-
Windows 11 now uses JScript9Legacy engine for improved security
Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-11-now-uses-jscript9legacy-engine-for-improved-security/
-
Ich gebe auf: Wie ein Forscher ChatGPT mit einem einfachen Trick dazu bringt, Windows-Keys herauszurücken
First seen on t3n.de Jump to article: t3n.de/news/chatgpt-jailbreak-trick-ki-windows-lizenzschluessel-1696521/
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
AMD discloses new CPU flaws that can enable data leaks via timing attacks
Tags: access, attack, crowdstrike, cve, cvss, data, exploit, firmware, flaw, guide, leak, malware, microsoft, mitigation, risk, side-channel, strategy, supply-chain, threat, update, vulnerability, windowsCrowdStrike elevates threat classification despite CVSS scores: While AMD rates the vulnerabilities as medium and low severity based on attack complexity requirements, CrowdStrike has independently classified them as critical enterprise threats. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as “Critical information disclosure vulnerabilities in AMD processors,” despite both carrying CVSS scores of just 5.6.According…
-
Researchers Trick ChatGPT into Leaking Windows Product Keys
Security researchers have successfully demonstrated a sophisticated method to bypass ChatGPT’s protective guardrails, tricking the AI into revealing legitimate Windows product keys through what appears to be a harmless guessing game. This discovery highlights critical vulnerabilities in AI safety mechanisms and raises concerns about the potential for more widespread exploitation of language models. The Gaming…
-
Kritische NEGOEX-Schwachstelle CVE-2025-47981 zeitnah patchen
Heute noch ein kurzer Nachtrag zum Patchday vom 8. Juli 2025. Microsoft hat zu diesem Datum die als kritisch eingestufte Schwachstelle CVE-2025-47981 im SPNEGO Extended Negotiation (NEGOEX)-Sicherheitsmechanismus offen gelegt und entsprechende Patches bereitgestellt. Windows-Nutzer sollten unbedingt zeitnah reagieren und entweder … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/10/windows-kritische-negoex-schwachstelle-cve-2025-47981-zeitnah-patchen/
-
How to trick ChatGPT into revealing Windows keys? I give up
No, really, those are the magic words First seen on theregister.com Jump to article: www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/
-
Microsoft confirms Windows Server Update Services (WSUS) sync is broken
Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-server-update-services-wsus-sync-is-broken/
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
Patchday: Windows Server-Updates (8. Juli 2025)
Am 8. Juli 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/09/patchday-windows-server-updates-8-juli-2025/
-
Microsoft Security Update Summary (8. Juli 2025)
Microsoft hat am 8. Juli 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 128 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert. Nachfolgend findet sich ein kompakter Überblick über diese … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/08/microsoft-security-update-summary-8-juli-2025/
-
Patchday: Windows 10/11 Updates (8. Juli 2025)
Am 8. Juli (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben sollen. Updates für … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/09/patchday-windows-10-11-updates-8-juli-2025/
-
Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day
Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day. Microsoft Patch Tuesday security updates for July 2025 addressed 130 vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows…
-
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)
For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/09/microsoft-fixes-critical-wormable-windows-flaw-cve-2025-47981/
-
Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
Tags: cve, cyber, flaw, malicious, microsoft, network, remote-code-execution, update, vulnerability, windowsMicrosoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction. The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607 and above, potentially exposing millions of systems to cyberattacks. Critical Security Vulnerability Details TheSPNEGO Extended…
-
Update nicht verteilt: Mainboard-Hersteller laut AMD schuld an ungefixtem TPM-Bug
Schon seit 2022 hat AMD einen Fix für einen Bug, der Windows-Nutzer mit aktivem Bitlocker aussperren kann. Doch die Mainboard-Hersteller liefern nicht. First seen on golem.de Jump to article: www.golem.de/news/fix-nicht-ausgeliefert-amd-kritisiert-mainboard-hersteller-fuer-umgang-mit-tpm-bug-2507-197912.html
-
Ohne Nutzerinteraktion: Kritische Windows-Lücke ermöglicht automatisierte Angriffe
Wer ein Windows-System im Einsatz hat, sollte dringend die Juli-Updates einspielen. Angreifer können eigenständig Schadcode einschleusen. First seen on golem.de Jump to article: www.golem.de/news/ohne-nutzerinteraktion-kritische-windows-luecke-ermoeglicht-automatisierte-angriffe-2507-197898.html
-
XMRig Malware Disables Windows Updates and Scheduled Tasks to Maintain Persistence
Monero (XMR), a cryptocurrency, saw a spectacular surge in early 2025, rising 45% from $196 to $285 by May, with a notable peak in April. This surge coincided with a high-profile Bitcoin theft in the US, where the stolen assets were reportedly converted into Monero by a single individual, drawing attention to the privacy-focused coin.…
-
BERT Ransomware Can Force Shutdown of ESXi Virtual Machines to Hinder Recovery
A newly identified ransomware group, BERT, tracked by Trend Micro as Water Pombero, has emerged as a significant threat to organizations across Asia, Europe, and the US. First observed in April, BERT targets critical sectors such as healthcare, technology, and event services, employing a dual-platform approach to infect both Windows and Linux systems. Threat Targeting…
-
Windows 10 KB5062554 cumulative update released with 13 changes, fixes
Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5062554-cumulative-update-released-with-13-changes-fixes/
-
Windows 11 KB5062553 & KB5062552 cumulative updates released
Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5062553-and-kb5062552-cumulative-updates-released/
-
New Bert Ransomware Evolves With Multiple Variants
An emerging ransomware group that calls itself Bert is quickly evolving after hitting the cybercrime scene in April, targeting both Windows and Linux systems used by organizations in the health care, tech, and other industries in the United States, Europe, and Asia. It may be a Russian group whose malware evolved from REvil code. First…
-
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia.The activity, per cybersecurity vendor Kaspersky, has been active since July 2024.”The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,” the Russian company said. “The main goal…
-
Video-Tipp #71: Harden Windows Security – Windows 11 härten mit PowerShell-Modul ‘Harden Windows Security”
First seen on security-insider.de Jump to article: www.security-insider.de/harden-windows-security-tool-tipps-a-a07c534dead5f34edae6082e2dfa3270/
-
NordDragonScan Targets Windows Users to Steal Login Credentials
FortiGuard Labs has discovered a current campaign that targets Microsoft Windows users with the NordDragonScan infostealer, which is a worrying trend for cybersecurity. This high-severity threat leverages a complex infection chain to infiltrate systems, harvest sensitive data, and exfiltrate it to a command-and-control (C2) server for potential use in future attacks. As detailed in the…