Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="tag:nu.federati.net,2022-12-17:noticeId=3418127:objectType=comment">LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 18-Dec-2022 03:44:16 JST</a><a href="https://nu.federati.net/lnxw48a1" title="lnxw48a1@nu.federati.net"><img src="https://gnusocial.jp/avatar/7486-48-20220828023927.webp" width="48" height="48" alt="LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}" style="position: absolute; left: 0; top: 0;">LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}</a><div><a href="https://nu.federati.net/notice/3418126" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article>Speaking of that, the 2022-December Windows updates include some developer certificate revocations. They were being used to sign malicious drivers. If you have not updated yet, it is #<span><a href="https://nu.federati.net/tag/timetoupdate" rel="tag">time_to_update.</a></span> <br> <br> &gt; "In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers," Microsoft wrote, adding that its "investigation revealed that several developer accounts for the Microsoft Partner Center were engaged in submitting malicious drivers to obtain a Microsoft signature."<br> <br> &gt; The IT giant stressed there had been no compromise of its own network and systems; this was a case of rogue developers submitting bad drivers, and waiting for Microsoft to wrongly OK them, and then use the code in the wild against victims, we're told.<br> <br> #<span><a href="https://nu.federati.net/tag/win10" rel="tag">Win10</a></span> #<span><a href="https://nu.federati.net/tag/win11" rel="tag">Win11</a></span> #<span><a href="https://nu.federati.net/tag/windowsupdate" rel="tag">Windows_Update</a></span> #<span><a href="https://nu.federati.net/tag/malware" rel="tag">malware</a></span> #<span><a href="https://nu.federati.net/tag/patchtuesday" rel="tag">patch_tuesday</a></span></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/872654#notice-1881689">In conversation</a><time datetime="2022-12-18T03:44:16+09:00" title="Sunday, 18-Dec-2022 03:44:16 JST">Sunday, 18-Dec-2022 03:44:16 JST</time> <span>from <span><a href="https://nu.federati.net/notice/3418127" rel="external" title="Sent from nu.federati.net via OStatus">nu.federati.net</a></span></span><a href="https://nu.federati.net/notice/3418127">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 18-Dec-2022 03:44:16 JSTLinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
in reply to
- LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
Speaking of that, the 2022-December Windows updates include some developer certificate revocations. They were being used to sign malicious drivers. If you have not updated yet, it is #time_to_update.

> "In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers," Microsoft wrote, adding that its "investigation revealed that several developer accounts for the Microsoft Partner Center were engaged in submitting malicious drivers to obtain a Microsoft signature."

> The IT giant stressed there had been no compromise of its own network and systems; this was a case of rogue developers submitting bad drivers, and waiting for Microsoft to wrongly OK them, and then use the code in the wild against victims, we're told.

#Win10 #Win11 #Windows_Update #malware #patch_tuesday
In conversationSunday, 18-Dec-2022 03:44:16 JST from nu.federati.netpermalink

Public

Embed Notice

HTML Code

Corresponding Notice