Users of Windows 10 and Windows 11 must take quick action. In both systems, a severe vulnerability has been uncovered, which Microsoft has not only failed to address, but has actually made worse. Everything you need to know is right here.
BleepingComputer has released a fresh analysis that delves deeper into the issue. It's a zero-day privilege escalation exploit known as CVE-2021-34484 that allows hackers to gain control of Windows 10, Windows 11, and Windows Server. The shocking part is that Microsoft has been aware of it for seven months.
03/25 Update: Windows customers are in for more difficulty as Microsoft revealed that patches delivered in January for Windows Server were the source of DNS issues, leading impacted PCs to lose internet connectivity.
"DNS stub zones might not load successfully after installing updates released January 25, 2022 (KB5009616) and later on impacted versions of Windows Server running the DNS Server role, which might cause DNS name resolution to fail," Microsoft admitted in an official statement.
The business has acknowledged that two more upgrades, KB5010427 (02/15/22) and KB5011551 (03/22/22) may be responsible for the issues. Microsoft has issued a preventative patch, but it claims that it will not be able to repair compromised systems unless the owners manually apply the patch. Microsoft has supplied an installation guide as well as two download URLs (1,2) for the patches.
Microsoft's newest changes, according to BleepingComputer, have triggered a slew of issues for Windows users. Bluetooth-related blue screens, LSASS problems, Netlogon issues, and a Windows Active Directory flaw are among them. To address these issues, Microsoft has published a number of 'out-of-band' (OOB) emergency fixes. Something has to be done.
03/26 Update: Microsoft's reputation has been given a significant fresh blow following reports that the business is paying hundreds of millions of dollars in bribes to foreign governments. The payments are said to be worth more than $200 million per year, and the whistleblower, Yasser Elabd, a former Microsoft employee who worked for the business for almost 20 years, alleges he was driven out of the company by senior management when he tried to bring attention to what was going on.
"When a Microsoft executive or salesperson proposed a side agreement with the partner and the decision maker at the entity making the purchase," Elabd explains, "I discovered that when agreeing to terms of sale for a product or contract, a Microsoft executive or salesperson would propose a side agreement with the partner and the decision maker at the entity making the purchase." "This consumer decision maker would send Microsoft an email asking a discount, which would be granted, but the final client would still have to pay the full amount. The discount would then be divided among the conspirators: the Microsoft employee(s) implicated in the plan, the partner, and the purchasing entity's decision maker—usually a government figure."
Elabd provides some great instances. $33.6 million was missing from transactions with the Saudi Ministry of Interior and Kuwait, $5.5 million in Nigeria "for hardware they didn't have," and "Qatar's Ministry of Education was paying $9.5 million per year for Microsoft Office and Windows licences they weren't utilising" over a seven-year period. "Another widespread practise was forging bogus purchase orders, which sales managers likely exploited to raise their income," according to Elabd.
He claims that "experience leads me to assume that 60–70% of the company's salespeople and managers in the Middle East, Africa, and portions of Europe are receiving these payments." "This will come as no surprise to anyone who has been following Microsoft closely... What's surprising is that the Securities and Exchange Commission and the Department of Justice have both declined to investigate Microsoft for the same types of bribes in the Middle East and Africa."
Elabd's assertions have elicited no response from Microsoft. With all eyes on Microsoft right now, whatever happens next is likely to have a significant influence on the company's reputation.
Microsoft, in its defence, has released two updates in an attempt to fix the weakness, but all have failed. The second attempt was particularly problematic because it disrupted a successful third-party remedy released in November by independent security group 0patch (pronounced "Zero Patch"). Older unsupported versions of Windows 10 (1803, 1809, and 2004) are really the safest because Microsoft did not offer a second 'patch' for those editions.
In response, Microsoft released a statement to BleepingComputer recognising the flaw but noting that there is no timetable for a repair, just adding, "We're aware of this report and will take action as needed to protect users." It's worth noting that this message is identical to one provided by the business late last year after it released two additional failed patches for other issues.
The good news is that 0patch has come to the rescue once more. The group has released a new'micro-patch,' which is available for free download and is compatible with Windows 10, Windows 11, and Windows Server. Create a free 0patch Central account and install 0patch Agent to obtain it.
Nonetheless, the entire tale leaves a sour taste in the mouth. "So you better wait and watch how Microsoft will mess the patch again," security researcher Abdelhamid Naceri, who found the weaknesses in several of these patches, said before. And now we've come full circle.
Is it time to uninstall Windows? Every user must make their own decision, which is based on their unique circumstances. However, with Apple technology outperforming the great majority of Windows PCs, there has never been a more compelling reason to do so.
Source forbes
0 Comments