Recently Browsing 0 members
No registered users viewing this page.
Microsoft Teams hit by a bug, wants users to select a certificate [Update]
by Subir Kathuria
Microsoft Teams seems to be experiencing a bug since this morning. A recent update seems to have caused a "Select a certificate" prompt to be displayed to Teams users before they can use the software. The issue shows up when the service tries to reach us-prod.asyncgw.teams.microsoft.com while signing into the service. The prompt displays to users even before they can log in to use the software.
Microsoft has acknowledged the bug and is tracking the issue under the 'TM261228' advisory, where the company said:
Microsoft Teams users in Brazil, Costa Rica, APAC, EMEA, and EU are reported to be receiving the errors. However, Microsoft says only those users served through the infrastructure in North America are affected. Some users have been able to use the service by restarting the Microsoft Teams client.
Update: Microsoft has tweeted that it has reverted the update that caused the issue and can confirm that the service is restored and functional.
Source: Microsoft via Bleeping Computer
By Abhay V
Microsoft Defender bug creates "thousands" of files in the boot drive, fix rolling out now
by Abhay Venkatesh
In the past few days, numerous reports on Reddit and Microsoft’s forums began pointing towards issues with Microsoft Defender that was causing users’ boot drives to fill up. While some users complained of small files less than 2KB in size causing minor problems, other reported seeing multiple gigabytes of storage hijacked by thousands of files in the Windows Defender folder. The files were showing up in the programData\Microsoft\Windows Defender\Scans\History\Store folder, causing massive backups as well.
Guessing from a long list of responses on multiple forum threads and on Reddit, the bug was affecting users running multiple security software on Windows Server 2016 and 2019. Some users reported being unable to open the folder itself, thanks to the boot drive filling up and causing slowdowns. While some admins suggested disabling real-time protection in Defender, others began sharing command-line scripts to delete files in the History folder.
Image credit: BleepingComputer A response on another Reddit thread from a user who raised the issue with Microsoft’s support teams suggests that the firm has acknowledged the issue and is already rolling out a fix for the problem. This was corroborated by another user’s comment on the support forums. The culprit supposedly is present in the Engine version 1.1.18100.5 and is being fixed with an update, bumping the version up to 1.1.18100.6. The update has begun propagating to users in the “normal release cycles” and will make it to mainstream users tomorrow, May 6, the user adds.
The bug has understandably been a frustrating one for system admins, thanks to the system slowdowns and backup issues caused to Windows Server users. If you have been facing this issue, it is best to check for updates in Windows Update to look for the fix.
Source: Microsoft Docs forums (1)(2) via Deskmodder.de | Image credit: BleepingComputer
By Usama Jawad96
Microsoft quietly fixes weird Windows 10 drive corruption bug, but only in Insider build
by Usama Jawad
Last month, it was revealed that Windows 10 contains a weird bug in which the OS throws an error message that the drive is corrupted and that you should reboot the system, when a certain location is accessed via the Command Prompt or a browser. While Microsoft appears to have quietly fixed the issue in the latest Insider Preview build 21322, it still appears to be present in other versions of Windows 10.
Bleeping Computer reports that when you run the change directory "cd" command on the Command Prompt with a specific location, Windows warns that "The file or directory is corrupted and unreadable", recommending that you reboot the machine with chkdsk to fix the drive. This happens even when users with low privileges access the NTFS volume. Microsoft had previously stated that the corruption message is inaccurate and the drive isn't actually corrupted, but another report from OSR claims that in its testing, one instance of Windows 10 failed to reboot even after repeated chkdsk.
Microsoft has fixed the issue in its latest Windows 10 Insider Preview build 21322 pushed out a few days ago, and it does not allow users to access the problematic location as can be seen below:
Naturally, we tested accessing the location on our virtual machines powered by other, older versions of Windows too. On Windows Vista, the location in question is not accessible either:
However, when we tried to access the location via Command Prompt on an old machine with Windows 10 Pro version 1803 - which is an older version of the operating system that is no longer supported. True to reports, there is an error message that the "file or directory is corrupted and unreadable", and the system recommends that you close all apps, restart the PC, and repair drive errors to fix the issue:
In our case, Windows 10 fortunately did manage to reboot with chkdsk and did not get stuck in a loop. We expect other versions of Windows 10 prior to Insider build 21322 to behave in the same way, barring any serious anomalies:
It's a six-year-old PC! It is important to note that other vendors and companies are trying to block access to the problematic location from their end. Mozilla Firefox 85.0.1 has a check which disables access to locations with the ":$" symbol, while OSR has released an unofficial patch which disallows access to the path. That said, it is rather strange that Microsoft is not pushing out a hotfix for older versions of Windows 10. We have seen similar issues with other operating systems such as iOS in the past, and while they may not be dangerous in most cases, it is always worth fixing these issues to prevent viral pranks that can be a nuisance for PC owners who are not tech-savvy.
By Usama Jawad96
Google Project Zero discloses high severity elevation of privilege flaw in Windows
by Usama Jawad
Google Project Zero is quite well-known for discovering vulnerabilities in the software developed by the company itself as well as those built by other firms. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period.
The security team has discovered and disclosed multiple security flaws in the past few years following the vendor's inability to patch them in a timely manner. This includes Qualcomm's Adreno GPU drivers, Microsoft's Windows, Apple's macOS, and more. Now, it has publicly disclosed a security bug in Windows which, if exploited, can lead to elevation of privilege.
We'll try to spare you the nitty-gritty details as usual by presenting you a simplified meat-of-the-matter statement as follows: A malicious process can send Local Procedure Call (LPC) messages to the splwow64.exe Windows process, through which an attacker can write an arbitrary value to an arbitrary address in splwow64's memory space. This essentially means that the attacker controls this destination address and any contents that get copied to it.
The flaw in question isn't exactly new. In fact, a security researcher at Kaspersky reported it earlier this year and Microsoft patched it back in June. However, this patch has now been determined as incomplete by Google Project Zero's Maddie Stone, who says that Microsoft's fix only changes the pointers to an offset, which means that an attacker can still exploit it using the offset value.
The zero-day was reported privately to Microsoft by Google Project Zero on September 24, with the standard 90-day deadline set to expire on December 24. Microsoft initially planned to release a fix in November, but that release time frame then slipped to December. After that, it told Google that it had identified new problems in its testing, and it will now release a patch in January 2021.
On December 8, the two parties met to discuss progress and next steps, where it was determined that the 14-day grace period cannot be offered to Microsoft since the company plans to release the patch on Patch Tuesday on January 12, 2021, six days over the grace period deadline. Stone has stated that while she doesn't think that an incomplete fix deserves a new 90-day deadline, this has still been followed as the default since Google's current policies do not cover this use-case. The Project Zero team plans to revisit its policies again next year, but has publicly disclosed the vulnerability with proof-of-concept code. The technical report is unclear which versions of Windows this affects, but Kaspersky's report from a few months ago indicates that attackers have been using it to target new builds of Windows 10.
By Usama Jawad96
Your Cyberpunk 2077 save file will be irreversibly damaged if you collect too many items
by Usama Jawad
File this under the list of issues plaguing CD Projekt Red's (CDPR) AAA title Cyberpunk 2077, but apparently, if you craft way too many items in-game, your save file will be irreversibly damaged and you will lose all progress contained in it. This issue started making the rounds on GOG forums a few days ago but has now come under the spotlight due to the company's response.
Much like The Witcher 3, Cyberpunk 2077 also allows players to collect various items to craft new materials for utilization or to sell them for commercial gains. This is a pretty standard mechanic that is a core component of major RPG titles. However, if you do this excessively in Cyberpunk 2077, you will corrupt your save file and lose all progress.
As highlighted in various Reddit and GOG threads a few hours ago, save files are reportedly capped at 8MB. If you exceed this limit - which is very much doable if you like to collect and craft items -, your save file will be irreversibly damaged. This is presented by a warning sign on the save file, saying that "Saved data is damaged and cannot be loaded".
This issue is confirmed to be present on the PC version of the game, and other Reddit threads have indicated that the same happens on console counterparts of the game as well. CDPR has confirmed the problem and stated that:
While CDPR hasn't confirmed as to why this limit exists in the game - particularly when this mechanic is such a core component of the "true" RPG experience -, it is likely due to some technical limitation and will be fixed in a future patch, currently anticipated in January 2021. However, until then, players are on their own.
Source: CDPR via Reddit (1) (2) (3), GOG