Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens Nov 28, 2023NewsroomCyber Attack / Vulnerability Cybersecurity researchers have discovered a case of “forced authentication” that could be exploited to leak a Windows user’s NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access Read more…
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login Nov 22, 2023NewsroomAuthentication Security / Windows A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered Read more…
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks Nov 13, 2023NewsroomCyber Warfare / Malware Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows Read more…
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers Nov 09, 2023NewsroomEndpoint Security / Malware A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. “This Read more…
Moving Beyond EMET II – Windows Defender Exploit Guard | MSRC Blog Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 (see Moving Beyond EMET), we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the Read more…
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration | MSRC Blog The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research Read more…
Solving Uninitialized Stack Memory on Windows | MSRC Blog This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Read more…
Solving Uninitialized Kernel Pool Memory on Windows | MSRC Blog This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in Read more…
Randomizing the KUSER_SHARED_DATA Structure on Windows | MSRC Blog Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increases the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations including kernel stacks, pools, system PTEs etc. are Read more…
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware Oct 30, 2023NewsroomMalware / Endpoint Security A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a Read more…