Krebs on Security: Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security: Microsoft Patch Tuesday, August 2022 Edition. “Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.”

Report: Microsoft will return to releasing new Windows versions once every 3 years (Ars Technica)

Ars Technica: Report: Microsoft will return to releasing new Windows versions once every 3 years. “Rather than updating a single version of Windows for many years as it did with Windows 10, Microsoft plans to return to a schedule where it releases a new major version of Windows roughly once every three years, putting a hypothetical ‘Windows 12’ on track for release at some point in the fall of 2024.”

Engadget: Microsoft’s Defender online security tool is now available to consumers

Engadget: Microsoft’s Defender online security tool is now available to consumers. “It took awhile, but Microsoft Defender is now generally available for all your personal devices, not just Windows PCs and businesses. The new Defender for individuals gives Microsoft 365 subscribers an online tool that bolsters the existing malware and phishing security measures you’re (hopefully) using.”

WIRED: You Need to Update iOS, Chrome, Windows, and Zoom ASAP

WIRED: You Need to Update iOS, Chrome, Windows, and Zoom ASAP. “MAY HAS BEEN another busy month of security updates, with Google’s Chrome browser and Android operating system, Zoom, and Apple’s iOS releasing patches to fix serious vulnerabilities. Meanwhile, things have not run smoothly for Microsoft, which was forced to issue an out-of-band update after a disastrous Patch Tuesday during the month. And Cisco, Nvidia, Zoom, and VMWare all issued patches for pressing flaws. Here’s what you need to know.”

Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws

Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws. “Today is Microsoft’s May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today’s update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.”

One Good Thing: 32 years after its debut, Microsoft Solitaire is still a blissful time-waster (Vox)

Vox: One Good Thing: 32 years after its debut, Microsoft Solitaire is still a blissful time-waster. “There’s a pleasant, throwback quality to solitaire in this age of doomscrolling. For a few minutes at a time, I can look away from the rest of the world and just look for a way to get to the six of clubs that I know I need to finish this game.”

Ars Technica: Google brings Android games to Windows in limited (very limited) beta

Ars Technica: Google brings Android games to Windows in limited (very limited) beta. “As it announced in December, Google is bringing Android games to Windows. The project is simply called ‘Google Play Games,’ and the Windows version is now open for beta signups. The catch is that Google Play Games is getting a very limited distribution: you’ll need to be in Korea, Taiwan, or Hong Kong to sign up.”

The Register: Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

The Register: Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops. “Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected. There was a time when out-of-band updates from Microsoft were considered a rarity. Not so much these days.”

Ars Technica: Backdoor for Windows, macOS, and Linux went undetected until now

Ars Technica: Backdoor for Windows, macOS, and Linux went undetected until now. “The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.”

MakeUseOf: How to Easily Create Cool Videos on Windows With Microsoft’s Clipchamp

MakeUseOf: How to Easily Create Cool Videos on Windows With Microsoft’s Clipchamp. “Videos are perhaps the most popular choice of media for almost everything today. You can find them in social media posts, on YouTube, in promos, and they’re even used for winning over clients. And though creating professional-looking videos might seem complex to you, it’s a breeze with an easy video editor like Clipchamp. Microsoft recently acquired the popular Clipchamp video editor, and it’s now available as a desktop app on the Microsoft Store on your Windows 10 or 11 PC. So let’s explore how we can easily create cool videos with Clipchamp.”

BleepingComputer: New Windows zero-day with public exploit lets you become an admin

BleepingComputer: New Windows zero-day with public exploit lets you become an admin. “A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. BleepingComputer has tested the exploit and used it to open to command prompt with SYSTEM privileges from an account with only low-level ‘Standard’ privileges.”

The Register: There’s something to be said for delayed gratification when Windows 11 is this full of bugs

The Register: There’s something to be said for delayed gratification when Windows 11 is this full of bugs. “An update to the Insiders version of Windows 11 includes a massive list of bug fixes, many of them serious, showing the wisdom of holding back on an early upgrade from Windows 10. Windows 11 was released on 5 October but has proved a problematic upgrade due to onerous system requirements and certain user interface decisions, with some features chopped in the Start menu and a confusing new right-click menu in File Explorer.”

SecurityWeek: Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch

SecurityWeek: Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch. “Tracked as CVE-2021-34484, the bug is described by Microsoft as a Windows User Profile Service elevation of privilege, and requires local, authenticated access for exploitation. All versions of Windows, including Windows Server, are affected. The security error resides in the User Profile Service, affecting code designed for creating a temporary user profile folder when the original profile folder is damaged.”