| TheWindowsClub News

Mitigate the Downfall vulnerability in Windows using these instructions

VamienMcKalin@TWCN — Wed, 30 Aug 2023 05:06:28 +0000

There is a new transient execution attack known as Downfall, but more technical people may want to call it Gather Data Sampling (GDS). This particular vulnerability can be used to infer data from affected CPUs. These CPUs are usually from security boundaries such as virtual machines, processes, trusted execution environments, and user-kernel. Luckily, there are ways […]

The post Mitigate the Downfall vulnerability in Windows using these instructions appeared first on TheWindowsClub News.

Microsoft releases PowerShell script to fix WinRE vulnerability

VamienMcKalin@TWCN — Sat, 18 Mar 2023 15:49:08 +0000

Microsoft has developed a PowerShell script that can help you automate the updating process of the Windows Recovery Environment (WinRE) on the devices it is deployed on in a bid to address security vulnerabilities in CVE-2022-41099. PowerShell script to fix WinRE vulnerability released The folks on the Microsoft product team were the ones who developed […]

The post Microsoft releases PowerShell script to fix WinRE vulnerability appeared first on TheWindowsClub News.

Protect yourself against Windows Search Protocol Vulnerability

ShiwangiPeswani@TWC — Mon, 06 Jun 2022 05:39:37 +0000

A new Windows Search Protocol Vulnerability has also been discovered lately. The attackers exploit this vulnerability via malicious Word documents on your PC. Twitter user hackerfantastic.crypto first discovered and reported this vulnerability wherein the attackers launch a Windows Search window automatically whenever the user opens a new Word Document. This fake search window displays the […]

The post Protect yourself against Windows Search Protocol Vulnerability appeared first on TheWindowsClub News.

Over 100 Lenovo laptop models affected by firmware vulnerability

HemantSaxena@TWCN — Sat, 23 Apr 2022 08:40:27 +0000

The tagline of Lenovo PCs and tablets reads – Thin, Light, and Reliable – but the recent incident has somewhat impacted its reputation. A recent vulnerability discovered in the Notebook BIOS of Lenovo laptop models has the potential to escalate privileges. The scope of impact is Lenovo specific and the severity is medium. Firmware vulnerability […]

The post Over 100 Lenovo laptop models affected by firmware vulnerability appeared first on TheWindowsClub News.

Microsoft shares a fix for ACLs & SAM vulnerability

AnandKhanse@TWC — Thu, 22 Jul 2021 07:54:51 +0000

Microsoft Security has been talking about a relatively new system vulnerability for the past few days. Now, the company has come up with an effective fix for the ACL & SAM vulnerability. The said vulnerability CVE-2021-36934 is an important issue because it provides elevated privileges to the bad actor. How to fix Windows Elevation of […]

The post Microsoft shares a fix for ACLs & SAM vulnerability appeared first on TheWindowsClub News.

Microsoft patches DevilsTongue vulnerability; Suggests disable Print Spooler Service for now

AnandKhanse@TWC — Mon, 19 Jul 2021 18:45:13 +0000

Microsoft has once again issued a warning advising users to disable Windows print spooler in what appears to be the third serious Windows 10 print flaw in just five weeks. It looks like a new Windows print service vulnerability CVE-2021-34481 has now been discovered. If exploited, it could allow hackers to execute malicious code on […]

The post Microsoft patches DevilsTongue vulnerability; Suggests disable Print Spooler Service for now appeared first on TheWindowsClub News.

Windows 10 Print Spooler vulnerability can now be mitigated

TanmayPatange@TWCN — Sun, 04 Jul 2021 04:49:44 +0000

The Print Spooler Remote Code Execution Vulnerability, better known as PrintNightmare vulnerability, has spread across Windows systems worldwide. Microsoft had acknowledged the issue a while back, and it has now suggested a few ways to mitigate the Print Spooler vulnerability. UPDATE 7th July – Microsoft has released KB5004945 to patch this issue, so make sure […]

The post Windows 10 Print Spooler vulnerability can now be mitigated appeared first on TheWindowsClub News.

Microsoft fixes Exchange bug through one-click patch for small companies

TanmayPatange@TWCN — Wed, 17 Mar 2021 07:58:26 +0000

The Hafnium vulnerability has been threatening thousands of Microsoft Exchange and Calendar servers for the past few weeks. It was expected that the exposure could lead to the compromise of systems in around 30,000 US organizations. A few days after releasing a major patch to the issue, Microsoft has released a one-click mitigation tool targeted […]

The post Microsoft fixes Exchange bug through one-click patch for small companies appeared first on TheWindowsClub News.

Google Project Zero has disclosed unpatched Windows 0-day vulnerability

TanmayPatange@TWCN — Fri, 25 Dec 2020 15:20:02 +0000

Google’s Project Zero team has shared information on a zero-day security vulnerability CVE-2020-0986 that affects systems running Microsoft Windows. The Project Zero team is known for crawling the cyberspace for potential vulnerabilities and making organizations and people aware of those vulnerabilities. Google on Microsoft Windows vulnerability According to the reports, Project Zero intimated Microsoft about […]

The post Google Project Zero has disclosed unpatched Windows 0-day vulnerability appeared first on TheWindowsClub News.

Google discovers critical zero-day security vulnerability in Windows 10

AnandKhanse@TWC — Mon, 02 Nov 2020 04:18:04 +0000

The Windows 10 operating system is plagued by a zero-day vulnerability (CVE-2020-17087), which is actively being exploited by cybercriminals, Google has revealed. According to Ben Hawkes from Google’s security research team called Protect Zero, the vulnerability has nothing to do with the upcoming U.S. presidential election. The vulnerability affects Kernel Cryptography Driver Microsoft rolls out […]

The post Google discovers critical zero-day security vulnerability in Windows 10 appeared first on TheWindowsClub News.

Attackers can abuse Windows 10 themes to remotely control your PC

TanmayPatange@TWCN — Wed, 09 Sep 2020 13:00:31 +0000

Who doesn’t like to customize the default look and feel of their Windows 10 operating system? Windows 10 users can personalize their computers with a wide variety of custom themes. But something they probably don’t know yet is that a new sort of attack may be taking shape. Windows 10 themes attack could be on […]

The post Attackers can abuse Windows 10 themes to remotely control your PC appeared first on TheWindowsClub News.

Windows 10 vulnerable to relative path DLL Hijacking, bypassing User Account Control (UAC)

AnandKhanse@TWC — Mon, 29 Jun 2020 12:30:41 +0000

Almost 300 executable files in the System32 folder of the Windows 10 operating system are vulnerable to DLL Hijacking, claims a security researcher Wietze Beukema. According to Beukema, a simple VBScript can make these executables vulnerable to DLL Hijacking, entirely bypassing User Account Control (UAC). System32 folder vulnerable to DLL Hijacking First, let’s try to […]

The post Windows 10 vulnerable to relative path DLL Hijacking, bypassing User Account Control (UAC) appeared first on TheWindowsClub News.