Latest news with #PatchTuesday
Yahoo
11 hours ago
- Yahoo
Microsoft's July Patch Tuesday Update for Windows 11 Adds PC Migration Tool
Microsoft released its monthly Patch Tuesday update for Windows 11, KB5062553, on July 8. This update debuts a PC-to-PC migration tool, which is now visible in the Windows Backup app. Microsoft says that full migration support during PC setup will be added in a future update, and the rollout is happening in phases, as reported by XDA. The update also brings changes to the taskbar, which now resizes icons automatically if it becomes too crowded. In the European Economic Area, users are getting better and easier controls for setting default browsers and file associations, with a new one-click 'Set default' button in the settings. Browsers that can open PDF files can now be set as the default handler with a single click. The update also includes fixes to improve Windows Search speed and reduce screen flashes when changing GPU settings. Issues with notification sounds, app responsiveness after gaming, and crashes have been addressed as well. It also comes with fixes for 137 vulnerabilities, including one zero-day and quite a few critical flaws. The migration tool is still in its early stages. You may need to do some manual setup for advanced system settings and apps that are not from the Store. Microsoft says more support for the migration tool will come in future updates. You can get the update automatically through Windows Update, or you can download it manually from the Microsoft Update Catalog.
Yahoo
11 hours ago
- Yahoo
Microsoft Backtracks on 'Fixed' Windows 11 Firewall Issue
Microsoft is addressing an ongoing Windows 11 problem that triggers error messages in the Event Viewer. The issue, which began with the operating system's June 2025 preview update and was mistakenly marked as fixed earlier this month, causes an error with the label "Config Read Failed" to appear in the Events log each time a user restarts their PC. This error is recorded as Event ID 2042 for Windows Firewall With New Security. In a new update, Microsoft explained that this event log is connected to Windows Firewall and shows the message "More data is available." The company says these errors do not mean there is an actual problem with Windows Firewall. Instead, these alerts arise from a mysterious new functionality Microsoft is working on. As a result, the error message "can be safely ignored," the company noted. Microsoft initially announced that this bug had been fixed in its July Patch Tuesday updates. But the company later corrected itself, saying the issue had been marked as resolved by mistake. Microsoft apologized for the confusion and revealed that a real fix will be included in an update soon.
Tom's Guide
2 days ago
- Tom's Guide
Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know
Microsoft has released two emergency patches to address zero-day vulnerabilities that have been found in SharePoint RCE. Actively exploited in attacks, the two flaws (tracked as CVE-2025-53770 and CVE-2025-53771) are both 'ToolShell' attacks that compromise services and that build on flaws that were fixed as part of July's Patch Tuesday updates. As reported by Bleeping Computer, the new flaws were exploited by researchers back in May at a Berlin hacking contest. They did so by using a vulnerability chain that enabled the researchers to achieve remote code execution in Microsoft SharePoint. Threat actors were then able to use zero-day flaws that built on the patches from previous issues and have been conducting toolshell attacks on SharePoint servers that have directly affected over 50 organizations. The emergency patches that Microsoft has pushed out have fixed both flaws in Microsoft SharePoint Subscription Edition and SharePoint 2019 but there is currently no fix available for SharePoint 2016. Administrators should install the available updates immediately, and then rotate the machine keys as well as consider analyzing the logs and file system for the presence of malicious files or any evidence of exploitation. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Forbes
14-07-2025
- Forbes
Microsoft Security Update Breaks Windows 10 Search Feature
Windows 10 emoji search broken by security update. Let's get the elephant in the room out of the way to begin with: Security patching is critical to protecting your Windows computer and the data it uses. I refer to it as the apocryphal pachyderm because it often feels like Microsoft is doing its best to convince us otherwise through the sheer number of issues that its security patches cause. Want recent examples? I hope you are sitting down: Windows 11 update causes firewall error, Windows 10 update causes startup loop of death, scan for Windows updates stops working, Windows security update causes mass confusion. The latest Windows security update issue is no laughing matter, or crying, winking or grimacing for that matter. Here's what you need to know about the Patch Tuesday fix that appears to have broken emoji search for Windows 10 users. Microsoft Security Update Breaks Windows 10 Emoji Search As is often the case, the latest Windows security patch problem was first reported by a user on Reddit. Specifically, a user called Joé McKen, who posted to the Windows 10 subreddit on July 10 stating that: 'After installing the July 2025 cumulative update (KB5062554), the emoji picker still mostly works – you can call it up with (Win + .) and clicking an emoji pastes it correctly – but the emoji search function is completely bricked.' This was soon added to by a myriad of other Windows 10 users complaining of the same issue, and I have since confirmed it to be the case on my test machine. Now, fair enough, you may be thinking, 'What's the big deal with a search for smiley faces not working properly?' and you have a point, albeit simultaneously missing a much bigger one. While not being able to search for an emoji isn't the most significant issue I've ever encountered, it's part of a downward spiral of security updates causing problems. A spiral that suggests something isn't right in the process of ensuring that said fixes are bug-free before releasing them to the masses. And in the case of Windows 10, we are talking about masses in the order of at least 400 million users. And that, dear reader, is a huge problem. If the average user is dissuaded from applying security updates because they are concerned about what might break next, then it opens the door to hackers and cybercriminals. More accurately, it opens the window; the attack window. This is the time that a threat actor has to act between a vulnerability being disclosed and it being fixed on people's machines. Unpatched vulnerabilities are a prime cause of initial access when it comes to ransomware and assorted other cyberattacks. The longer you give threat actors to attack, the more you are at risk. Anything that damages the trust between the vendor, Microsoft, and the user is as much a threat as the hackers themselves, in my never humble opinion. So, while losing access to emoji searching for a bit while waiting for Microsoft to work out what went wrong and correct it isn't the biggest deal, the bigger picture is. I have approached Microsoft for a statement regarding the Patch Tuesday security update breaking Windows 10 emoji search.
Forbes
11-06-2025
- Forbes
Microsoft Issues Windows 10 And 11 Update As Attacks Already Underway
Microsoft issues security update as Windows attacks begin. Users of the Windows operating system, be that Windows 10, Windows 11 or any of the Windows Server variants, are used to reading Microsoft cyberattack warnings. Some warnings, however, are more critical than others. Whenever a Windows zero-day exploit is involved, then you really need to start paying close attention. These are the vulnerabilities that have not only been found by threat actors, but also exploited and are under attack already by the time that the vendor, in this case Microsoft, becomes aware of them. Microsoft, and by extension you, are then playing catch-up to get protected against the cyberattacks in question. Here's what you need to know about CVE-2025-33053 and what you need to do right now. Don't wait, update Windows right now. The June 10 Patch Tuesday security rollout has brought with it a few unwelcome surprises, as is often the case. None more so than CVE-2025-33053, which is not only a zero-day, in that it is already known to have been exploited by threat actors, but is also being leveraged widely by cyberattacks, and that's very worrying indeed for all Windows users. A Microsoft executive summary describes the threat from CVE-2025-33053 as 'external control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.' Or, in other words, a remote code execution vulnerability that can do some very bad things indeed. Tenable Research Special Operations has analyzed the threat, and Satnam Narang, the senior staff research engineer at Tenable, said that it has been confirmed in a Check Point Research report, a known threat group, Stealth Falcon, has 'launched a social engineering campaign to convince targets to open a malicious .url file, which would then exploit this vulnerability, giving them the ability to execute code.' That's problematical, as Narang explained, 'it is rare to hear of a zero-day reported during Patch Tuesday as being leveraged widely. We typically expect these types of zero-days to be used sparingly, with an intention to remain undetected for as long as possible.' All the more reason to get your systems updated as soon as possible. The attackers are not waiting, and neither should you. 'The advisory also has attack complexity as low,' Adam Barnett, lead software engineer at Rapid7, said, 'which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker's control.' Indeed, exploitation just requires a user to click on a malicious link, oh what a surprise. 'It's not clear how an asset would be immediately vulnerable if the service isn't running,' Barnett concluded, adding 'but all versions of Windows receive a patch.' You know what to do, go and do it know.
