Microsoft acknowledges many Windows 11, Windows 10 WHQL drivers were actually malware

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,262
Content source
https://www.neowin.net/news/microsoft-acknowledges-many-windows-11-windows-10-whql-drivers-were-actually-malware/
Earlier today, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11(KB5028185). The company announced separately about the new Dynamic SafeOS updates meant for hardening the security mitigations put in place against Secure Boot vulnerabilities.

Alongside changes made to its Secure Boot DBX, Microsoft also added several malicious drivers to its Windows Driver.STL revocation list. Microsoft was informed of these vulnerable drivers by security research firms Cisco Talos, Sophos, and Trend Micro.

On a dedicated security advisory ADV230001, Microsoft explains the issue (CVE-2023-32046) which was a result of maliciously signed WHQL drivers.
Click to expand...
Microsoft has added all such drivers to the Vulnerable Driver Blocklist with Windows Security updates (Microsoft Defender 1.391.3822.0 and newer).
Click to expand...
www.neowin.net

Microsoft acknowledges many Windows 11, Windows 10 WHQL drivers were actually malware

Microsoft released its latest July Patch Tuesday updates earlier today. The company added a revocation list featuring multiple WHQL-signed Windows drivers that were actually malware.
www.neowin.net www.neowin.net
 
  • Wow
  • Like
  • +Reputation
Reactions: piquiteco, Andy Ful, CyberTech and 13 others
Sammo

Sammo

Level 8
Verified
Well-known
Jan 27, 2012
371
Dangerous vulnerabilities in Microsoft are being exploited in attacks – SaaSNews English

Dangerous vulnerabilities in Microsoft are being exploited in attacks​

Update your operating system and follow Microsoft’s instructions to stay safe.


Microsoft has released its July 2023 security updates, addressing 132 vulnerabilities across various products. Among these are 37 remote code execution vulnerabilities. Six of the flaws are already being actively exploited in the wild; one of them requires additional actions from the user besides installing the patch.

The vulnerabilities impact Windows, Office, Outlook, and other Microsoft software products. If exploited, the most severe ones could allow attackers to elevate their privileges and remotely run malicious code on affected systems.

For one of the actively exploited vulnerabilities addressed in the update – CVE-2023-36884 – Microsoft hasn’t provided a patch. Instead, users are advised to add Microsoft Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key. For instructions, see the Microsoft update guide. Besides following the instructions, be sure to install the latest update as soon as possible. For details, see the Microsoft Support pages for Windows, Office, and Outlook.
 
  • Like
Reactions: piquiteco
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,262
Sammo said:
Dangerous vulnerabilities in Microsoft are being exploited in attacks – SaaSNews English

Dangerous vulnerabilities in Microsoft are being exploited in attacks​

Update your operating system and follow Microsoft’s instructions to stay safe.


Microsoft has released its July 2023 security updates, addressing 132 vulnerabilities across various products. Among these are 37 remote code execution vulnerabilities. Six of the flaws are already being actively exploited in the wild; one of them requires additional actions from the user besides installing the patch.

The vulnerabilities impact Windows, Office, Outlook, and other Microsoft software products. If exploited, the most severe ones could allow attackers to elevate their privileges and remotely run malicious code on affected systems.

For one of the actively exploited vulnerabilities addressed in the update – CVE-2023-36884 – Microsoft hasn’t provided a patch. Instead, users are advised to add Microsoft Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key. For instructions, see the Microsoft update guide. Besides following the instructions, be sure to install the latest update as soon as possible. For details, see the Microsoft Support pages for Windows, Office, and Outlook.
Click to expand...
That is this one:
malwaretips.com

Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents. Unauthenticated attackers can exploit the vulnerability (tracked as CVE-2023-36884) in high-complexity attacks...
malwaretips.com malwaretips.com
 
  • Like
  • Thanks
  • Hundred Points
Reactions: piquiteco, harlan4096, silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

lokamoka820
    • Like
    • Wow
    • HaHa
New Update Microsoft Will Charge You $30 To Stay on Windows 10
Replies
6
Views
353
Windows 10
7Oz-64
7Oz-64
Gandalf_The_Grey
    • Like
New Update Microsoft may be reviving the People app in Windows 11
Replies
2
Views
175
Windows 11
Marko :)
Marko :)
Gandalf_The_Grey
    • Like
    • Hundred Points
Microsoft releases new Windows 11 24H2 preview ISO images for clean installation
Replies
0
Views
312
Windows 11
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top