Tag: updates

Microsoft pushes OOB safety updates for Windows Snipping resource flaw

Laurent

Microsoft released an crisis security update for the Windows 10 and Home windows 11 Snipping instrument to deal with the Acropalypse privateness vulnerability.

Now tracked as CVE-2023-28303, the Acropalypse vulnerability is brought about by image editors not properly getting rid of cropped impression knowledge when overwriting the unique file.

For case in point, if you just take a screenshot and crop out delicate info, these as account quantities, you must have sensible anticipations that this cropped data will be taken off when saving the graphic.

Having said that, with this bug, equally the Google Pixel’s Markup Tool and the Home windows Snipping Tool were being observed to be leaving the cropped information in just the first file.

For instance, in the impression beneath, you can see how excess facts is saved immediately after the IEND file marker, which denotes the stop of a PNG file. Normally, there must be no knowledge following the IEND marker.

Cropped data mistakenly saved after IEND marker
Cropped info mistakenly saved right after IEND marker
Source: BleepingComputer

This excess info could be applied to partially get well the cropped picture material, probably exposing delicate material that was under no circumstances meant to be general public.

Security researchers have advised BleepingComputer that the variety of general public images impacted by this flaw may well be high, with VirusTotal by itself web hosting around 4,000 pictures influenced by the Acropalypse bug.

For that reason, on providers catering to graphic web hosting, the amount of Acropalypse-impacted photographs is very likely a lot better.

Microsoft releases OOB protection update

As BleepingComputer noted, Microsoft was testing a fix for the Windows 11 Snipping Device bug in the Home windows Insider Canary channel.

Previous evening, Microsoft publicly introduced protection updates for both of those the Windows 10 Snip & Sketch and Windows 11 Snipping Device application to take care of the Acropalypse flaw.

“We have produced a safety update for these equipment by way of CVE-2023-28303. We advocate customers apply the update,” Microsoft informed BleepingComputer.

Soon after setting up this security update, Home windows 11 Snipping Resource will be model 10.2008.3001., and Home windows 10 Snip & Sketch

Read More... Read More

New Windows Server updates bring about DC boot loops, crack Hyper-V

Laurent

The most recent Home windows Server updates are creating extreme difficulties for administrators, with domain controllers acquiring spontaneous reboots, Hyper-V not setting up, and inaccessible ReFS volumes until finally the updates are rolled again

Yesterday, Microsoft produced the Home windows Server 2012 R2 KB5009624 update, the Home windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as aspect of the January 2022 Patch Tuesday.

Right after setting up these updates, directors have been battling several challenges that are only fixed immediately after taking away the updates.

Home windows domain controller boot loops

The most significant concern launched by these updates is that Home windows domain controllers enter a boot loop, with servers obtaining into an unlimited cycle of Home windows commencing and then rebooting immediately after a handful of minutes.

As initial documented by BornCity, this problem influences all supported Home windows Server variations.

“Looks KB5009557 (2019) and KB5009555 (2022) are triggering one thing to fall short on domain controllers, which then preserve rebooting each and every couple minutes,” a user posted to Reddit.

A Home windows Server administrator explained to BleepingComputer that they see the LSASS.exe procedure use all of the CPU on a server and then in the long run terminate.

As LSASS is a vital method needed for Home windows to work accurately, the running program will routinely restart when the method is terminated.

The subsequent error will be logged to the party viewer when restarting thanks to a crashed LSASS method, as one more user on Reddit shared.

“The approach wininit.exe has initiated the restart of laptop [computer_name] on behalf of user for the next rationale: No title for this explanation could be uncovered Purpose Code: 0x50006 Shutdown Form: restart Comment: The process method ‘C:WINDOWSsystem32lsass.exe’ terminated unexpectedly with position code -1073741819. The system will now shut down and restart.”

Hyper-V no lengthier starts off

In addition to the boot loops, BleepingComputer has been informed by Windows directors that soon after putting in the patches, Hyper-V no extended starts on the server.

This bug principally affects Windows Server 2012 R2 server, but other

Read More... Read More