
News

Microsoft releases 96 patches for Windows: 9 fix critical bugs


Microsoft kicks off 2022 with a large patch package that fixes 96 security bugs in its software. With the arrival of the new year it is time to harden Microsoft software, and these are the measures the company has taken.

Redmond has issued 96 new CVEs that affect some of its Windows products. The large number of threats and malware circulating on the network today gives reason to worry about the security of our computers. Windows 10 ships with its own pre-installed antivirus, Windows Defender, and the system also offers a variety of settings that help keep the computer safe.

A total of 89 important and 9 critical patches

Included are 24 Chromium CVEs released earlier this month and now addressed in Microsoft’s Edge browser, plus two CVEs in open source projects (Curl and Libarchive), resulting in a total of 122 fixes that need to be applied.

“Affected systems include: Windows and associated components, Edge, Exchange Server, Office and associated components, SharePoint Server, .NET Framework, Microsoft Dynamics, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).”

Of the 96 Windows CVEs and the two open source fixes, nine were rated Critical and 89 as High Priority. Six of them are said to be publicly known, although they are not yet subject to active exploitation, at least to the best of Microsoft’s knowledge.

Fixed vulnerabilities

The critical Curl bug (CVE-2021-22947), which allows MITM attackers to inject bogus response data when using STARTTLS to initiate a TLS connection, was fixed with the release of version 7.79.0 on September 15th.

Dustin Childs of the Zero Day Initiative (ZDI) draws attention to another critical Microsoft Exchange Remote Code Execution (RCE) bug (CVE-2022-21846), which, like several recent Exchange bugs, has been designated by the United States National Security Agency.

On the other hand, in March of last year Microsoft fixed four Exchange vulnerabilities exploited by a China-based hacking group known as “Hafnium”, which is accused of stealing data from US defense contractors and private sector companies.

Furthermore, security firm CyberArk believes that some attention should be paid to the vulnerability, rated as Important, in Windows Remote Desktop Services (CVE-2022-21893) that the company discovered and disclosed to Microsoft.

“This vulnerability allows any standard non-privileged user connected to a remote machine through a remote desktop to gain access to the file system of the client machines of other connected users, view and modify clipboard data of other connected users and impersonate the identity of other registered users on the machine using smart cards,” said Gabriel Sztejnworcel, CyberArk software architect.

Receive security notifications

For its part, Microsoft, in addition to reporting its set of patch notifications, said that it is reviewing the way it shares information through its security update guide. One of the big changes is that it is no longer necessary to have an email address with Live ID for those users who want to receive security notifications.

Other security advisories from Adobe, Mozilla, and Android

For its part, Adobe reported five security bulletins covering 41 CVEs in Acrobat and Reader, Illustrator, Adobe Bridge, InCopy, and InDesign. More than half of these notices were reported through ZDI, and 26 of the fixes were associated with Acrobat and Reader, 16 of them designated as critical. The worst of these enables RCE if the user opens a malicious PDF.

Meanwhile, Mozilla issued three security advisories covering 18 CVEs, nine of which are considered critical. Finally, earlier this month Android issued a security bulletin with 33 CVEs. Only one of them (CVE-2021-30285) was classified as critical. Since it affects a closed source Qualcomm component, it has not been publicly disclosed.

Wearables

Apple Declares 2013 and 2014 iMacs Obsolete and Watch Series 2 Smartwatches ‘Vintage’

Apple has added three iMac models to its list of obsolete products: a 21.5-inch model from 2013, a 21.5-inch model from 2014, and a 27-inch Retina 5K model also from 2014.

Apple typically deprecates products seven years after they were released, so it’s no surprise that the 2013 and 2014 iMacs are on the list.

As for the Apple Watch Series 2 smartwatches, they are now classed as “vintage”. This category usually includes devices that were released five years ago. There may be problems with official repair of the aforementioned iMacs.

News

There are almost 1 billion 5G users. Ericsson report shows that operators often ask for more money for such tariffs.


According to a report by Ericsson cited by The Verge, by the end of this year, the number of 5G subscribers in the world will reach 1 billion.

Of course, this is far short of 4G networks, which are now used by about 5 billion people, but it is still a fairly significant part of the market.

Of course, 5G adoption is far from even. In North America, about 35% of subscribers will use 5G networks by the end of this year.

At the same time, the report indicates that operators often ask for more money for the higher speeds offered by the new networks. Separate tariffs of this kind are popular among operators in Western Europe, but overall 25% of operators worldwide charge extra for 5G, and the average markup is 40%.

Ericsson believes that, unfortunately, this trend will continue for several more years, as operators need to compensate for the costs of developing a new network.


News

Is Apple Helping the Chinese Government Fight Protests? The company cut the AirDrop function in the Middle Kingdom

The story of the protests in China keeps acquiring new, interesting details related to IT companies.

Just weeks before the protests began, Apple reportedly made a major change to how AirDrop works, and only in China. After updating to iOS 16.1.1, AirDrop can be set to receive from everyone for only 10 minutes, after which AirDrop simply turns off. In normal mode AirDrop has no time limit, and that is still the case everywhere in the world outside of China.

The fact is that AirDrop is one of the ways protesters communicate, and not only in China. AirDrop works locally, smartphone to smartphone, without relying on external networks, so it cannot simply be blocked, nor can its data be read. But in this case, for some reason, Apple decided to seriously change the function, although it did not turn it off completely.

CNBC also notes that the corresponding update was released a month after Chinese President Xi Jinping was re-elected for a third term.

Recall that Huawei smartphones have been observed automatically deleting videos that depict events related to the protests in China.
