Microsoft acknowledges many Windows 11, Windows 10 WHQL drivers were actually malware

Gandalf_The_Grey

Earlier today, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11 (KB5028185). The company separately announced the new Dynamic SafeOS updates, which are meant to harden the security mitigations put in place against Secure Boot vulnerabilities.

Alongside changes made to its Secure Boot DBX, Microsoft also added several malicious drivers to its Windows Driver.STL revocation list. Microsoft was informed of these vulnerable drivers by security research firms Cisco Talos, Sophos, and Trend Micro.

In a dedicated security advisory, ADV230001, Microsoft explains the issue (CVE-2023-32046), which was a result of maliciously signed WHQL drivers.
Microsoft has added all such drivers to the Vulnerable Driver Blocklist with Windows Security updates (Microsoft Defender 1.391.3822.0 and newer).
 

Sammo

Dangerous vulnerabilities in Microsoft are being exploited in attacks – SaaSNews English

Dangerous vulnerabilities in Microsoft are being exploited in attacks

Update your operating system and follow Microsoft’s instructions to stay safe.


Microsoft has released its July 2023 security updates, addressing 132 vulnerabilities across various products. Among these are 37 remote code execution vulnerabilities. Six of the flaws are already being actively exploited in the wild; one of them requires additional actions from the user besides installing the patch.

The vulnerabilities impact Windows, Office, Outlook, and other Microsoft software products. If exploited, the most severe ones could allow attackers to elevate their privileges and remotely run malicious code on affected systems.

For one of the actively exploited vulnerabilities addressed in the update – CVE-2023-36884 – Microsoft hasn’t provided a patch. Instead, users are advised to add Microsoft Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key. For instructions, see the Microsoft update guide. Besides following the instructions, be sure to install the latest update as soon as possible. For details, see the Microsoft Support pages for Windows, Office, and Outlook.
 

Gandalf_The_Grey

Dangerous vulnerabilities in Microsoft are being exploited in attacks – SaaSNews English

Dangerous vulnerabilities in Microsoft are being exploited in attacks

Update your operating system and follow Microsoft’s instructions to stay safe.


Microsoft has released its July 2023 security updates, addressing 132 vulnerabilities across various products. Among these are 37 remote code execution vulnerabilities. Six of the flaws are already being actively exploited in the wild; one of them requires additional actions from the user besides installing the patch.

The vulnerabilities impact Windows, Office, Outlook, and other Microsoft software products. If exploited, the most severe ones could allow attackers to elevate their privileges and remotely run malicious code on affected systems.

For one of the actively exploited vulnerabilities addressed in the update – CVE-2023-36884 – Microsoft hasn’t provided a patch. Instead, users are advised to add Microsoft Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key. For instructions, see the Microsoft update guide. Besides following the instructions, be sure to install the latest update as soon as possible. For details, see the Microsoft Support pages for Windows, Office, and Outlook.
That is this one:
 
