Wednesday Newsbytes – News for You – 041322
Every day we scan the tech world for news that affects all of us who use Windows computers. Every Wednesday, we feature some of the news articles that grabbed our attention over the past week. We hope you find this week’s “Wednesday Newsbytes” informative and interesting!
Microsoft’s massive 145-vulnerability Patch Tuesday fixes ten critical exploits
This month’s round of patches is now available with some exploits proving to be particularly dangerous are about to see their accounts locked for good.
Microsoft has patched considerably more than 100 security vulnerabilities this week, as part of its monthly ‘Patch Tuesday’, including ten rated ‘critical’.
The 145 now-fixed vulnerabilities were dominated by privilege escalation flaws and remote code execution (RCE) vulnerabilities, a total of 55 and 47 respectively. Denial of service, information disclosure, and spoofing flaws comprised the majority of the remainder.
Of the ten critical-rated vulnerabilities, three of them scored nearly maximum marks (9.8), representing a serious threat to organisations.
All three 9.8-rated vulnerabilities are RCE flaws that require a low degree of attack complexity in order to exploit, two of which are wormable, according to Zero Day Initiative (ZDI).
The first of the two wormable flaws is CVE-2022-26809, a flaw that could allow an attacker to execute arbitrary code on a machine with high privileges. The static port used in this exploit (TCP port 135) is usually blocked at the network perimeter, ZDI said, but it’s still a highly dangerous vulnerability that should be patched swiftly.
New Meta information stealer distributed in malspam campaign
A malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals.
META is one of the novel info-stealers, along with Mars Stealer and BlackGuard, whose operators wish to take advantage of Raccoon Stealer’s exit from the market that left many searching for their next platform.
Bleeping Computer first reported about META last month, when analysts at KELA warned about its dynamic entrance into the TwoEasy botnet marketplace.
The tool is sold at $125 for monthly subscribers or $1,000 for unlimited lifetime use and is promoted as an improved version of RedLine.
New Meta malspam campaign
A new spam campaign seen by security researcher and ISC Handler Brad Duncan is proof that META is actively used in attacks, being deployed to steal passwords stored in Chrome, Edge, and Firefox, as well as cryptocurrency wallets.
The infection chain in the particular campaign follows the “standard” approach of a macro-laced Excel spreadsheet arriving in prospective victims’ inboxes as email attachments.
Read the rest at Bleeping Computer
Could Windows 12 become Microsoft’s first cloud-based operating system?
Microsoft is rumored to have started work on Windows 12 already
Earlier this week, Microsoft unveiled a bounty of upgrades for Windows 11, which has been positioned as the operating system of the hybrid working era. The additions included a new-look File Explorer, improved video conferencing facilities and various security upgrades.
However, implicit in some of the announcements were also clues as to how the company might shape its future operating systems. And if the rumors are to be believed, Microsoft has already started work on Windows 12.
The focus of the Windows 11 roadmap on enhanced mobility and the renewed emphasis on Windows 365, the company’s PC-as-a-Service offering, suggest the future of Windows lies firmly in the cloud, particularly in a business context.
Head in the clouds
In a world in which connectivity is becoming increasingly ubiquitous, it’s not outside the realms of possibility that Windows 12 could become Microsoft’s first ever cloud-only operating system, hosted off-device and bundled with compute and storage as part of a subscription package.
The system would be similar in many ways to traditional virtual desktop setups, which have been deployed by businesses for years to support BYOD scenarios, but offer simplified pricing and configuration…
Windows 11’s Newest Security Feature Requires Full Reset
Smart App Control comes with conditions
Windows 11’s newest security feature comes with a sting in the tail: if you’ve upgraded to the newest version of Microsoft’s operating system, rather than bought a new PC with it installed, you’ll need to reset it if you want Smart App Control. The news broke in a blog post(opens in new tab) from David Weston, vice president of OS security and enterprise at Microsoft, subsequently reported on by PCWorld…
Windows 11’s smart app control
‘In a future release of Windows 11 you’re going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software,’ writes Weston in his post, which sounds fine, as enhanced security was one of the reasons we have Windows 11 in the first place.
One of these major enhancements is Smart App Control, which appeared in a recent Windows 11 insider build, and blocks malicious, untrusted and potentially unwanted apps. The first set are flagged by Microsoft, but the ‘smart’ part of the system kicks in for the others, taking into account digital signatures, app usage, and Microsoft’s cloud-based security service. There doesn’t seem to be a way of whitelisting apps, or unblocking them in any way once they’re blocked.
It also acts in a new and strange way, according to German news site Ghacks(opens in new tab). Once installed, Smart App Control enters evaluation mode, learning whether it can assist you but not blocking anything, until it automatically turns on. It can be manually turned on or off from the Windows Security app. The strange thing is that, if turned off, it cannot be turned back on without a full reset of the PC and a clean install of Windows 11…
The Transformation Of Microsoft Windows From 1985 To 2022
Windows is probably the most consequential software ever created. It for nearly four decades, it has run the computers that we use to learn, create, defend our country, heal the sick, and look at funny cat pictures. Windows has been the dominant operating system the world over for most of its history.
In the early 1980s, Bill Gates and his software company, Microsoft, already held a huge market share of the operating systems run on desktop computers, MS-DOS, often shortened to DOS. DOS was a capable operating system, but its structure was text-based and required users to know at least some basics to run it. Most functions were text-only and programs often needed some basic understanding of DOS programming to be useful to the average user.
The development of Windows brought about a fundamental change in how we interact with these computers and lowered the learning curve to using one right out of the box. The mouse and graphical user interface, or GUI, opened up a world of opportunity for the less savvy computer user, numerous in the pre-internet era. While Windows is by no means the only GUI-based operating system, it was and is the most widespread operating system in use. Bill Gates helped to usher in an era of widespread adoption of the desktop computer and much has changed in the years since. Windows has evolved and been updated every few years and a look at each release version shows the transformation of Windows 1985-2022.
Windows 1.0
Released in 1985, Microsoft Windows 1.0 faced a long uphill battle to market dominance. In the time when Reagan was starting his second term, the Soviet Union still had a strong grasp on the Iron Curtain, and the Macintosh was the best-known computer with a GUI, Microsoft needed to work hard to make inroads into the core users of its products at the time, business users. Most companies had DOS entrenched into their IT departments and managers and end-users were not keen to spend time training on new systems. In a Verge retrospect from 2012, by the time Windows arrived, many in the industry had already written it off as vaporware, never to be seen on any monitors.
Microsoft introduced its new GUI for $99, including such indispensable tools as Windows Paint, notepad, calendar, and the game Reversi. Version 1.0 was not just based on DOS, it required it for installation and was seen at the time as a tool to manage the various applications and tasks performed by the computer…
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles useful, informative, interesting, and helpful. Happy Easter! Darcy & TC