724 matches found
KB4465660 BitLocker Security Feature Bypass Vulnerability
The remote Windows host is missing security update 4465660. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploi...
A week in security (November 5 – 11)
Last week on Malwarebytes Labs, we looked at browser lockers that fly under the radar with complete obfuscation, transport and logistics in our series about compromising vital infrastructure, Google logins now requiring JavaScript, how to create a sticky cybersecurity training program, and an...
Servicing stack update for Windows 10 Version 1607: May 17, 2018
Servicing stack update for Windows 10 Version 1607: May 17, 2018 Summary This update makes the following stability improvements for the Windows 10 Version 1607 servicing stack: Addresses an issue that causes BitLocker to go into recovery mode when updates are applied. Addresses an issue that migh...
Security of Solid-State-Drive Encryption
Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives SSDs": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are...
Guidance for configuring BitLocker to enforce software encryption
Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives SEDs. Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption™. On Windows computers with self-encrypting drives,...
Self-encrypting hard drives do not adequately protect data
Overview There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks SEDs, which can allow an attacker to decrypt contents of an encrypted drive. Description CVE-2018-12037 There is no cryptographic relation between the password provided by...
KLA11345 Guidance for configuring BitLocker to enforce software encryption
Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives and recommends customers to use the software only encryption provided by BitLocker Drive Encryption. For the details, see ADV180028 Original advisories ADV180028 Related products...
[SECURITY] Fedora 28 Update: dislocker-0.7.1-10.fc28
Dislocker has been designed to read BitLocker encrypted partitions "drives " under a Linux system. The driver has the capability to read/write partitions encrypted using Microsoft Windows Vista, 7, 8, 8.1 and 10 AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser, encrypted...
HPSBHF03595 rev. 6 - LoJax UEFI Rootkit
Potential Security Impact Elevation of Privilege, Information Disclosure, Loss of Confidentiality, Loss of Integrity. Source: HP, HP Product Security Response Team PSRT Reported by: ESET Research VULNERABILITY SUMMARY HP has identified a potential security vulnerability with a UEFI rootkit LoJax...
[SECURITY] Fedora 29 Update: dislocker-0.7.1-10.fc29
Dislocker has been designed to read BitLocker encrypted partitions "drives " under a Linux system. The driver has the capability to read/write partitions encrypted using Microsoft Windows Vista, 7, 8, 8.1 and 10 AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser, encrypted...
August 9, 2016 — KB3176492 (OS Build 10240.17071)
August 9, 2016 — KB3176492 OS Build 10240.17071 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability for Internet Explorer 11 and WebDAV shares. Addressed issue affecting some...
March 8, 2016 — KB3140745 (OS Build 10240.16725)
March 8, 2016 — KB3140745 OS Build 10240.16725 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved support for apps, smart card logon, dual Ethernet cards, and Appraiser. Improved...
August 9, 2016 — KB3176493 (OS Build 10586.545)
August 9, 2016 — KB3176493 OS Build 10586.545 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability by allowing more time for devices to recover from connected standby mode...
September 28, 2017—KB4038801 (OS Build 14393.1737)
September 28, 2017—KB4038801 OS Build 14393.1737 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updated the BitLocker.psm1 PowerShell script to not log passwords when logging is enabled...
August 23, 2016 — KB3176934 (OS Build 14393.82)
August 23, 2016 — KB3176934 OS Build 14393.82 This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Network Controller, DNS server, gateways, Storage Spaces Direct, Group Managed Service...
November 27, 2017—KB4051033 (OS Build 14393.1914)
November 27, 2017—KB4051033 OS Build 14393.1914 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where screen tearing and scrambled content appear in applications when a...
October 27, 2016 — KB3197954 (OS Build 14393.351)
October 27, 2016 — KB3197954 OS Build 14393.351 This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Start, File Explorer, action center, graphics, and the Windows kernel...
Researchers Heat Up Cold-Boot Attack That Works on All Laptops
A pair of researchers have developed an attack method that can bypass mitigations for cold-boot attacks on laptops. A physical attacker can compromise a laptop that’s in sleep mode, potentially lifting sensitive passwords, encryption keys and other information. The ramifications are, on the...
May 21, 2018—KB4103714 (OS Build 16299.461)
May 21, 2018—KB4103714 OS Build 16299.461 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses additional issues with updated time zone information. Addresses an issue that causes...
R0Ak (The Ring 0 Army Knife) - A Command Line Utility To Read/Write/Execute Ring Zero On For Windows 10 Systems
r0ak is a Windows command-line utility that enables you to easily read, write, and execute kernel-mode code with some limitations from the command prompt, without requiring anything else other than Administrator privileges. Quick Peek r0ak v1.0.0 -- Ring 0 Army Knife...