Windows 10 News and info | Forum
March 04, 2021
 on: March 03, 2021, 07:33:19 PM 
Started by javajolt - Last post by javajolt
Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.

The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."

Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release. 

Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifecycle issue in audio, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.

The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.

Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.

The Chrome 89.0.4389.72 release also contains a swathe of other security fixes and browser improvements. In total, 47 bugs have been patched, including a high-severity heap buffer overflow in TabStrip (CVE-2021-21159), another heap buffer overflow in WebAudio (CVE-2021-21160), and a use-after-free issue in WebRTC (CVE-2021-21162). A total of eight vulnerabilities are considered high-severity.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed."

On February 4, Google pushed out a fix for CVE-2021-21148, a heap buffer overflow in the Chrome V8 JavaScript engine which is also being actively exploited. This high-severity security flaw was reported by Mattias Buelens on January 24.

This week, Microsoft released urgent updates for four zero-day vulnerabilities in Exchange Server. Microsoft says the bugs are being exploited in "limited targeted attacks" and is urging users to update as quickly as possible.


 on: March 03, 2021, 07:25:04 PM 
Started by javajolt - Last post by javajolt
Microsoft has released updates to address four previously unknown or 'zero-day' vulnerabilities in Exchange Server that were being used in limited targeted attacks, according to Microsoft.

Microsoft is urging customers to apply the updates as soon as possible due to the critical rating of the flaws. The flaws affected Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Exchange Online is not affected.

"We strongly encourage all Exchange Server customers to apply these updates immediately," it said.

Microsoft attributes the attacks to a group it calls Hafnium, which it says is a state-sponsored threat actor that operates from China.

The attackers used the bugs in on-premise Exchange servers to access email accounts of users. The four bugs are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Washington DC-based security firm Volexity said in its analysis that the vulnerability CVE-2021-26855 was being used to steal the full contents of several user mailboxes. The bug didn't require authentication and could be exploited remotely.

"The attacker only needs to know the server running Exchange and the account from which they want to extract e-mail," Volexity analysts noted.

Volexity said the attacks appear to have started as early as January 6, 2021.

Exchange email servers are an attractive target due to the volume of email information they hold about an organization.

Last year, Microsoft warned Exchange server customers to patch a different critical flaw (CVE-2020-0688) that multiple advanced persistent threat actors were quick to exploit. Yet months after Microsoft warned organizations to urgently patch this flaw, tens of thousands of Exchange servers remained unpatched. 

Microsoft is concerned it could see the same scenario play out again with this set of Exchange server vulnerabilities.

"Even though we've worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today's patches is the best protection against this attack," said Tom Burt, Microsoft's corporate vice president of Customer Security & Trust.

Hafnium mainly targets US entities in infectious disease research, law firms, higher education institutions, defense contractors, policy thinktanks, and NGOs, according to Microsoft. The group also primarily operates from leased virtual private servers (VPS) in the United States, it added.

Microsoft provided the following summary of each vulnerability for customers to assess:

CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange that allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave Hafnium the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.

CVE-2021-26858 is a post-authentication arbitrary file write vulnerability in Exchange. If Hafnium could authenticate with the Exchange server, then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin's credentials.

CVE-2021-27065 is a post-authentication arbitrary file write vulnerability in Exchange. If Hafnium could authenticate with the Exchange server, then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin's credentials.

After compromising the affected Exchange servers, the attackers deployed web shells on them, allowing for potential data theft and further compromise. Web shells are small scripts that provide a basic interface for remote access to a compromised system. Microsoft warned in February that between August 2020 and January 2021, it had seen twice as many web shell attacks as in the same period last year.


 on: March 03, 2021, 02:39:05 PM 
Started by javajolt - Last post by javajolt
It’s been a month since Microsoft released Windows Terminal 1.6 Preview, the first update in 2021 of its powerful command-line tool. That brought with it a new UI for Settings, as well as various other minor improvements.

The software giant is now rolling out Terminal 1.7 Preview, a move which means Terminal 1.6 is now generally available to all Windows 10 users.

Terminal 1.7 Preview is quite an extensive update, with lots of changes and improvements, including giving users the ability to launch new instances of Terminal in a separate window, in a window on the same desktop, or in any existing window.

The Settings UI introduced in Terminal 1.6 is the default Settings experience now, and there’s also a useful read-only feature which prevents you accidentally typing into a window.

The full changelog is as follows:


• Terminal now supports single-instancing and remote control!

   ○ You can configure whether new instances of Terminal launch in a new window (#9118)

   ○ For now, the default is to launch in a new window. Available options include launching in "a new window", "a window on the same desktop", "any existing window", "a totally random window"

   ○ I regret to inform you that the last option was a joke.

• The newWindow action (bound to Ctrl+Shift+N by default) will create a new window (#9208)

• wt can now run commands in any window that already exists with wt -w # (#8898)

   ○ You can specify wt -w -1 to force the creation of a new window even if you've disabled it with the Windowing Behaviors

   ○ Specifying a window that does not exist (wt -w 1048576) will result in a new window being created with that ID (!)

• Windows that are activated through remote control will be pulled to the foreground (#9137)

• The Settings UI, first released in 1.6 preview, is now the default settings experience (#9224)

• The settings UI has been disabled in the stable release to give us more time to iterate on it.

• Terminal now supports focus-follows-mouse mode among panes for that authentic X11 feeling (thanks @Don-Vito!) (#8965) (#9198)

• You can now mark a pane as read-only—it can't be closed and will warn you if you type into it (thanks @Don-Vito!) (#8867) (#9107)

• You can now bind the findNext and findPrev actions to move to the previous/next search (respectively) (thanks @Hegunumo!) (#8917)

• There is a new global setting, centerOnLaunch (boolean, default false) that determines pretty much what it says on the tin (#9036)

• We now have support for loading profiles and color schemes from auxiliary fragments provided by applications. See the fragment extension documentation for more details! (#7632)


• This version of Terminal comes with Cascadia Code 2102.25, which contains a number of bug fixes to the 2102.03 release.

• You can now suppress that somewhat annoying "Touch Keyboard and Dialogs That Stop Me From Doing My Job" service warning with the inputServiceWarning global settings (boolean; default true) (thanks @WVVxm!) (#9015)

• The tab bell icon will now show up even when visual belling is disabled (#9212)

• The zoom, bell, read-only, and progress indicators will now show up in the tab switcher (thanks @Don-Vito!) (#9041) (#9076)

• A number of keys that did not properly report their Ctrl status now do so (thanks @lhecker!) (#8870)

• Leonard's fixed Ctrl+Alt+2 to properly send ^[^@ (thanks @lhecker!) (#5272)

• We've refactored how terminal settings propagate from your profile to a terminal, so please report any issues where your settings are lost/ignored/flicker/etc. (#8602)

• URLs under the file scheme are no longer considered invalid (#7526)

Settings UI

• Overridden settings will now present a "revert" arrow that lets you clear the overriding value (#8919) (#9079)

• You can now typeahead search in combo boxes (#9206)

• The color schemes page has received a huge redesign (thanks @Chips1234, @mdtauk, @carlos-zamora!) (#9196)

• We've added a simple read-only page to the Settings that shows your key bindings (#9253)

VT Support

• Terminal now supports "bracketed paste" mode (DECSET 2004) and will filter out all control characters even during non-bracketed ("plebian") paste (thanks @skyline75489!) (#9034)

• We now support XTPUSHSGR and XTPOPSGR, sequences which will manipulate a 10-deep "SGR stack" (thanks @jazzdelightsme!) (#1978)

   ○ XTPUSH/POPSGR is intended to allow applications to better coordinate their colors. Instead of resetting to the default colors at the end of a run, an enlightened application can push a "stack frame" before it changes the colors, changes them, then pops that frame when it is done.

   ○ This sequence first became available in xterm-334.

• You can now "chain" OSC 10, 11, and 12 color changes (thanks @skyline75489!) (#8999)

Bug Fixes

• You can now navigate the tab color picker with the directional arrows (thanks @BenConstable9!) (#9144)

• We will try not to dismiss the selection when you're using a Windows-key shortcut (thanks @imaginary-person!) (#9163)

• We've ensured that hyperlinks de-underline when the pointer leaves the terminal (thanks @Don-Vito!) (#9195)

• The arrow keys should work in the tab switcher once more (thanks @Don-Vito!) (#9140)

• The build system was leaving a stray 600kb file in our package, which we've now removed (making the package smaller!) (#9153)

• Focus should now return to the terminal after you dismiss the tab rename field (thanks @Don-Vito!) (#9162)

► You can download Windows Terminal Preview v1.7.572.0 from here.
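The "bracketed paste" entry above (DECSET 2004 plus control-character filtering during paste) is easiest to understand with both sides of the exchange in front of you. The following model is an added illustration written for this post, not Windows Terminal's code: the application toggles the mode with ESC[?2004h / ESC[?2004l, the terminal strips control characters from the clipboard and wraps the paste in ESC[200~ ... ESC[201~, and the application separates pasted text from typed input. Which control characters survive the filter (TAB, LF, CR here) is an assumption of this model.

```python
"""Model of bracketed-paste handling (DECSET/DECRST 2004).

Added illustration, not Windows Terminal's implementation. Assumption: the
filter keeps TAB, LF and CR and drops every other C0, DEL and C1 control.
"""

ESC = "\x1b"
BRACKET_ON = ESC + "[?2004h"   # DECSET 2004: application requests bracketed paste
BRACKET_OFF = ESC + "[?2004l"  # DECRST 2004: application turns it off again
PASTE_START = ESC + "[200~"    # terminal -> application: paste begins
PASTE_END = ESC + "[201~"      # terminal -> application: paste ends


class PasteModel:
    """Terminal side: tracks mode 2004 and transforms clipboard text."""

    def __init__(self) -> None:
        self.bracketed = False

    def feed_app_output(self, data: str) -> str:
        """Scan what the application writes to the terminal, consume the
        DECSET/DECRST 2004 sequences and toggle the mode. Returns the text
        with those sequences removed (everything else is passed through)."""
        out = []
        i = 0
        while i < len(data):
            if data.startswith(BRACKET_ON, i):
                self.bracketed = True
                i += len(BRACKET_ON)
            elif data.startswith(BRACKET_OFF, i):
                self.bracketed = False
                i += len(BRACKET_OFF)
            else:
                out.append(data[i])
                i += 1
        return "".join(out)

    @staticmethod
    def filter_controls(text: str, keep=("\t", "\n", "\r")) -> str:
        """Drop C0 (0x00-0x1F), DEL (0x7F) and C1 (0x80-0x9F) controls except
        the kept whitespace. Removing ESC matters twice: pasted text cannot
        smuggle escape sequences, and it cannot contain a forged ESC[201~ that
        would end the bracket early and turn the rest into typed input."""
        return "".join(
            ch for ch in text
            if ch in keep or not (ord(ch) < 0x20 or 0x7F <= ord(ch) <= 0x9F)
        )

    def paste(self, clipboard: str) -> str:
        """Bytes the terminal sends to the application for one paste."""
        cleaned = self.filter_controls(clipboard)
        if self.bracketed:
            return PASTE_START + cleaned + PASTE_END
        return cleaned


def app_receive(stream: str):
    """Application side: split one input chunk into (typed, pasted).
    pasted is None when no bracket is present. Inside the bracket an
    application should treat CR/LF as literal text, not as 'run this line'."""
    start = stream.find(PASTE_START)
    if start == -1:
        return stream, None
    body_start = start + len(PASTE_START)
    end = stream.find(PASTE_END, body_start)
    if end == -1:  # bracket not closed yet; rest of chunk is still paste
        return stream[:start], stream[body_start:]
    pasted = stream[body_start:end]
    typed = stream[:start] + stream[end + len(PASTE_END):]
    return typed, pasted


if __name__ == "__main__":
    term = PasteModel()
    term.feed_app_output("user@host:~$ " + BRACKET_ON)   # shell enables mode 2004
    # Constructed clipboard: an escape sequence and a CR hidden in the text.
    wire = term.paste("echo one\x1b[201~\recho two")
    print(repr(wire))
    print(app_receive(wire))
```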


 on: March 03, 2021, 12:45:27 PM 
Started by javajolt - Last post by javajolt

While solid-state drives make wonderful internal boot drives for computers, they are also great options for external storage. Not only are they smaller than mechanical hard disk drives, but they use less power, and are much faster too. Quite frankly, if you are someone that needs to transport data on a portable drive, you'd be insane to still use HDD in 2021.

If you want a diminutive external solid-state drive, you can't go wrong with Micron's Crucial X6 Portable SSD. Not only is the drive fast, durable, and small, but it utilizes USB-C too. Not to mention, its design is so cute -- I absolutely adore the square body and its rounded corners.

The problem with this drive, however, is it was limited to just two capacities -- 1TB and 2TB. What if you liked the drive but needed less than 1TB or more than 2TB? Well, folks, I have great news. Today, Micron releases a 4TB variant of Crucial X6 Portable SSD. In addition, the company has a new budget-friendly 500GB model.

"Our customers are looking for convenient, fast and reliable storage at an affordable price -- and these two new capacity additions to the X6 portable SSD product line are further evidence of our commitment to the external solid-state storage market. There is no doubt we have reached a point where the benefits of solid-state storage outweigh those of traditional hard drives," explains Teresa Kelley, vice president and general manager of Micron's Consumer Products Group.

The 500GB and 4TB variants of the Crucial X6 Portable SSD can be purchased here immediately. The 500GB model costs just $69.95, while the 4TB is more expensive at $489.95. Of course, the 1TB and 2TB variants are still available too, priced at $124 and $189.95 respectively.


 on: March 03, 2021, 12:38:05 PM 
Started by javajolt - Last post by javajolt
We all know that the Windows 10 Sun Valley update is going to be a big deal for the operating system, but now – after a new statement from Microsoft – we finally have an official confirmation that the next generation of Windows is going to be “incredible” and “massive”.

Microsoft’s Panos Panay, following much hubbub over the past few months regarding how long it’s been since the big Windows 10 feature update, confirmed that the tech giant is working on the “next-generation Windows” operating system.

At Ignite 2021, Panos Panay stated that he is excited about the future of Windows and a lot of new features are coming.

“We have new features coming,” Panos Panay confirmed. “[We] haven’t talked about the next generation of Windows and what’s coming next, but I can tell you I am so pumped.”

“We know that the future of Windows is incredible,” Panos Panay said.

Microsoft is not going to talk about the next generation of Windows this week, but reports have suggested that the tech giant is planning a special event to discuss the future of Windows, computing, and gaming.

The upcoming improvements

According to various reports, Windows 10 Sun Valley or the “next-gen Windows” will include a brand-new Start Menu, which will replace the current Start Menu.

Action Center is also getting a makeover and there’ll be improvements for inbox apps too.

Sources have already given us a glance of what its redesigned Windows 10 Start menu might look like – and it seems to be a big improvement.

The default Start Menu is not … “modern” and it blends in with the other aesthetic changes, such as rounded corners and Fluent Design.

Floating Start Menu with rounded corners

In addition to rounded corners, Microsoft is also believed to be working on a new “optional” Start Menu layout with bigger changes.

In one of the test builds, Microsoft also experimented with Windows 10X-like Start Menu without live or static tiles.

Windows 10 Sun Valley update is expected to hit the RTM status in June and it will start rolling out to consumers in October/November.


 on: March 03, 2021, 12:24:53 PM 
Started by javajolt - Last post by javajolt
After years of focus on Microsoft’s software in education and government, Google’s encroachment on the education market in Europe has resulted in more scrutiny of their solution, and the Dutch Education ministry has found them lacking, reports NOS.

In a letter to the Dutch Lower House, education ministers Van Engelshoven and Slob explained that the software lacked important privacy controls, especially when it came to meta-data.

Their investigation of Google Workspace and Google Workspace for Education found that Google had full control of meta-data such as what searches were made inside the product, how long users stayed logged in and what they clicked.

This data could later be used for targeting advertising for example. In addition, Google reserved to itself the right to unilaterally adjust the terms and conditions of the use of their software and data, resulting in Educational institutions having “no or insufficient control” over their own data.

“This creates a potential risk in the future,” the letter notes.

The Dutch government already bans the use of Google Workplace in government offices, after Google failed to address most of their privacy concerns.

Conversely, the investigation found Microsoft’s products, which have been time tested in this regard, pose no major risk “if the user takes a number of measures” which have already been laid out by the privacy authority.

The Education Department does not yet intend to ban Google Workspace for Education, while talks continue with Google and the European Commission.

In a statement, Google said, “We have already taken several measures to address the concerns and are continuing discussions with the Dutch government.”


 on: March 02, 2021, 12:12:49 PM 
Started by javajolt - Last post by javajolt
Intel has now started rolling out new Bluetooth and WiFi drivers for Windows 10. Unlike the January driver update, this one comes with a series of critical bug fixes for Windows 10. For instance, an issue that leads to the Blue Screen of Death has been fixed in this patch.

Intel’s wireless driver update was published in the last week of February and it’s now available for download via Intel’s Support & Assistant Tool. This driver update also comes with multiple bug fixes and improvements for your wireless connection, especially if you rely on the 5Ghz networks.

As for new features, things haven’t changed and you’ll not see anything new after applying the update.

Intel’s February wireless driver update

This update is currently available for the following wireless adapters:

   • Version for Wi-Fi 6E AX210, AX201, AX200, Wireless-AC 9560, 9461/ 9462 and 9260.

   • Version for Intel dual-band wireless-AC 8265 and 8260,

   • Version for dual-band wireless-AC 3165, 3168, and 7265 Family.

Understanding the wireless adapter currently installed on your computer is important before you try to install the update. To determine the wireless adapter version with Device Manager, follow these steps:

   • Search for Device Manager in Start Menu.

   • Expand the branch for “network adapters” to find the adapter version.

If you see one of the above-listed Intel adapters, then your device is eligible for the update. If you don’t, it’s possible that another update with identical bug fixes will be released for more adapters in the coming weeks.

Here’s what’s new and improved in this update:

   • Intel has fixed an issue where your device might not stay connected to 5Ghz networks.

   • This update also fixed an issue where the Windows 10 mobile hotspot might not work when your system is connected to an Access Point using channel 165.

   • Fixes Blue Screen of Death errors.

   • Improves performance and security.

In addition to the WiFi adapter update, Intel has also published bug fixes for Bluetooth.

According to the changelog, Intel has fixed audio issues observed during Microsoft Teams calls. The company has also resolved issues with Bluetooth mouse and driver security.

How to get the update

These new fixes will be delivered to users via Windows Update in the coming updates, but you can always use Intel’s Driver & Support Assistant tool to install it today.

To get the new drivers, follow these steps:

   • Install Intel Driver and Support Assistant (iDSA) tool from here.

   • Open the Update Assistant tool and check for updates.

   • If you don’t see the tool in Start Menu, you can also access it from Windows 10’s system tray.

Remember that you should only download the new drivers manually when you have issues with the current version.

 on: March 01, 2021, 11:07:05 AM 
Started by javajolt - Last post by javajolt
Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component.

The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.

They reported the bug to the Microsoft Security Response Center in November. The company released security updates to address it on all vulnerable platforms on February 9, during this month's Patch Tuesday.

Impacts Windows 10 versions up to 20H2

The security flaw impacts multiple Windows 10 and Windows Server releases up to version 20H2, the latest released version.

After the 90-day disclosure deadline, Project Zero published a proof-of-concept exploit code that can be used to reproduce the bug in browsers running on fully-patched Windows 10 1909 systems.

"Attached is the proof-of-concept TrueType font together with an HTML file that embeds it and displays the AE character," the researchers said.

"It reproduces the crash shown above on a fully updated Windows 10 1909, in all major web browsers. The font itself has been subset to only include the faulty glyph and its dependencies."

From heap-based buffer overflow to RCE

The DirectWrite API is used as the default font rasterizer by major web browsers such as Chrome, Firefox, and Edge for rendering web font glyphs.

Since these web browsers use the DirectWrite API for font rendering, the security flaw can be leveraged by attackers to trigger a memory corruption state that may allow them to execute arbitrary code on the targets' systems remotely.

Attackers can exploit CVE-2021-24093 by tricking targets into visiting websites with maliciously crafted TrueType fonts that trigger a heap-based buffer overflow in the fsg_ExecuteGlyph API function.

Google patched a similar actively exploited zero-day in the popular FreeType text rendering library used to target Chrome users.

In November, Microsoft also fixed a Windows kernel zero-day bug actively exploited in targeted attacks and publicly disclosed by Project Zero one month earlier.


 on: February 28, 2021, 08:48:35 PM 
Started by javajolt - Last post by javajolt

Certain Google-owned domains have caused Chrome users, from even the most skilled researchers to regular users, to question whether they are malicious.

The domains I am referring to are and gvt1/gvt2 subdomains that have spun many questions on the internet.

After receiving multiple concerned questions over the years, BleepingComputer has dug deeper into the domains' origin and whether they should be something to worry about.

What are these suspicious domains?

The domains * and *, along with their subdomains, are owned by Google and typically used to deliver Chrome software updates, extensions, and related content.

For example, when we started Chrome just now, it attempted to connect to the following domains:


However, these URLs and the domain name have repeatedly caused confusion among developers and researchers due to their suspicious-looking structure:

Likewise, gvt1.com domains have been previously flagged by antivirus products as malware and by researchers as an Indicator of Compromise (IOC).

Moreover, the links redirect to a URL that contains the user's IP address, among other elusive parameters which may cause further suspicion.

For example, BleepingComputer traced the following link, which redirects twice to much larger URLs with an arbitrary subdomain and extensive GET parameters, such as the user's IP address:

Should we be concerned about URLs?
This is where it gets complicated, but the answer is: no, but Google could secure them better.

The GVT in the domain stands for Google Video Transcoding and is used as a cache server for content and downloads used by Google services and applications.

Put simply, the * domains are only used by Google to deliver official content, Chrome browser updates, and Android-related executables.

" is a redirection service used by Google for a variety of purposes, including download of updates, etc.," Eric Lawrence, a former member of the Chrome Security Team, stated in a Google bug post.

Going back to the link analyzed in the previous section as an example, we can see the URL ending in .crx represents a Chrome extension:

BleepingComputer traced the extension to be the Chrome Media Router extension, a legacy component that was used by Chromecast.

What is concerning is that Google continues to use the insecure HTTP protocol rather than HTTPS when connecting to these URLs.

Network connections to URLs

By connecting to the URLs via HTTP, it may be possible to use man-in-the-middle (MiTM) attacks to modify the downloads in some manner. If you have malware installed that is intercepting HTTP traffic, you have more to worry about at this point.

In conclusion, when seeing traffic concerning * or * domains in your corporate network, it is not a cause for alarm but simply a legitimate Chromium download taking place.

However, Google should switch to using HTTPS to prevent potential MiTM attacks, and administrators should continue to follow best practices such as analyzing traffic from the URLs.

BleepingComputer reached out to Google multiple times well in advance, but we have not heard back before press time.


 on: February 28, 2021, 08:25:50 PM 
Started by javajolt - Last post by javajolt
An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed.

While most people are using Gmail, Outlook, or other modern free mail services, many older people continue to use AOL simply because they are used to the service and find it too complicated to switch to a new email service.

Unfortunately, this also makes them prime targets for phishing scams that, in my experience, tend to slip through AOL's email filters more easily than other services' filters, such as Gmail's.

This week I was contacted by two older family members who received an email with a scary email subject stating that their "Mail Box will close in 3 days log in to re-activate."

Scared that the email accounts they used for close to 25 years would be closed, they forwarded me the email and asked for advice.

The email stated that they need to login and verify their account within 72 hours, or AOL will deactivate their account.

"We don't want to say goodbye!"
"We noticed you haven't updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It's going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs," warns the AOL phishing email.

Enclosed in the email was a link to a poorly constructed AOL phishing landing page that asked visitors to log in to AOL.

Aol phishing page
Once AOL credentials are submitted on the form, the stolen credentials are sent to the attackers, and the user is redirected to the standard AOL login page.

As I have made a point of teaching family members about phishing scams and what to look out for, my family members did not fall for the scam.

Unfortunately, many people may not have received the same education and will likely enter their AOL login information.

What should you do if you entered your info?
If you received this phishing scam and mistakenly entered your login information, you should immediately log in to AOL and change your password.

If the site doesn't accept your password, it's possible the attackers already gained control over your account. In that situation, you should contact AOL support.

If you use your AOL password at other sites, you should change them there as well.

When changing your passwords, be sure to use a different password at every site. By doing this, if one site suffers a data breach, it won't affect your credentials at the other site.

To help you keep track of all of your unique passwords, BleepingComputer suggests using a password manager.

