Microsoft and Security Issues

posted by Roy Schestowitz on Oct 28, 2023

• Windows TCO

  • Stanford public safety department [cracked], networks temporarily down

    This breach is the third to happen at Stanford this year, with a system error in February and data leaks caused by third party software in April. Both incidents impacted the privacy of individuals in the community, though it is unclear whether the breach currently under investigation is of a similar nature to previous cases.

  • University looks to tighten technology safety during Cybersecurity Awareness Month

    Schindler said academic programs and curriculums geared toward cybersecurity at the university must be constantly updated due to the different threats in order to prepare students pursuing cyber-related jobs.

  • Detroit-Area District Cancels Classes Due to Cyber Incident

    John Tafelski, assistant superintendent for curriculum and instruction, sent a letter to members of the school community on Sunday stating that the school district recently discovered a cybersecurity incident that affected some of its systems.

• PIRG petitions Microsoft to extend the life of Windows 10

  As a reminder, while Windows 10 was largely backwards-compatible with computers running older operating systems, Microsoft slapped hardware requirements on Windows 11 that rendered machines even just a few years old unable to upgrade – the main issues center on the CPU and TPM requirements.

  There was an initial burst of Windows 11 adoption by those with suitable hardware. There has been a slow trickle for the rest as devices have been replaced. With less than two years to go, Windows 11 is far from where it needs to be if it is to send Windows 10 into the abyss.

• Microsoft seeks EU Digital Market Acts exemption for underdog apps like Edge

  "Now, I think you'll agree that what you normally count on the internet is users, monthly users," von Tetzchner said.

  "So Microsoft is trying to get away from that and just using a very low number and in doing so trying to basically make the argument since their usage is so low that the rules shouldn't apply to Edge or Bing."

• Are AI chatbots risking a new wave of convincing scams?

  We tried out ChatGPT and Bard to see whether they would let us create scam messages. They did.

• F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

  Tracked as CVE-2023-46747 (CVSS score of 9.8) and impacting the Traffic Management User Interface of the solution, the vulnerability allows an unauthenticated attacker to execute arbitrary code remotely.

• F5 hurriedly squashes BIG-IP remote code execution bug

  Researchers at Praetorian first discovered the authentication bypass flaw in BIG-IP's configuration utility and published their findings this week of what is the third major RCE bug to impact BIG-IP since 2020.

  Tracked as CVE-2023-46747, the vulnerability was assigned an initial severity score of 9.8 out of a possible 10 on the CVSS scale and if exploited could lead to total system compromise.