
Windows users need to be on high alert. Microsoft has confirmed a critical vulnerability has been found in all versions of Windows which presents an immediate threat, and you need to act now.
A critical new zero-day hack has been found which affects all Windows versions.
Tracked as CVE-2021-34484, the “zero-day” flaw enables hackers to breach all versions of Windows (including Windows 10, Windows 11, and Windows Server 2022) and take control of your computer.
Microsoft mistakenly thought it had patched the vulnerability (which was first found in August) when it was publicly disclosed in October. But the fix itself was found to be flawed, something the company admitted, and this drew even more attention to the vulnerability. Microsoft subsequently promised to “take appropriate action to keep customers protected” but two weeks later, a new fix has still not arrived.
Luckily, the third-party security specialist 0patch has beaten Microsoft to the punch with a ‘micropatch’ that it has now made available for all Windows users. “Micropatches for this vulnerability will be free until Microsoft has issued an official fix,” 0patch confirmed.
You will need to register for a 0patch account and install its download agent before the fix can be applied, but with 0patch fast becoming a go-to destination for hot fixes which beat software companies to the punch, this is a no-brainer. Hopes will be high that Microsoft can release an effective patch sooner rather than later but, until then, all Windows users must act now if they want to be safe.
Download 0patch here:
https://blog.0patch.com/2021/11/micropatching-incompletely-patched.html
cd %windir%\system32\config
reagentc /disable
reagentc /enable
Hive ransomware has lately been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues in order to deploy various backdoors. Once a backdoor has been placed, various attacks can be performed, including but not limited to network reconnaissance, stealing admin accounts, taking valuable data, and even installing and deploying file-encrypting algorithms.
ProxyShell is a set of three vulnerabilities in Microsoft Exchange Server that allow remote code execution without authentication on vulnerable deployments. The flaws have been used in the past by various ransomware such as Conti, BlackByte, Babuk, Cuba, and LockFile.
The security vulnerabilities were reported to be fully patched in May 2021, but given that Hive was still able to successfully exploit PowerShell and infiltrate systems, there still seem to be some unpatched and open issues.
Hive has gone a long way since it was first observed in the wild back in June 2021, having a successful start that prompted the FBI to release a dedicated report on its tactics and indicators of compromise.
In October 2021, the Hive gang added Linux and FreeBSD variants, and in December it became one of the most active ransomware operations in attack frequency.
Last month, researchers at Sentinel Labs reported on a new payload-hiding obfuscation method employed by Hive, which indicates active development.
wmic baseboard get product,version,serialnumber
runas /user:yourdomain\administrator command
That is all that we have for you today. I certainly hope you have found something useful here and that we have managed to teach you some valuable things.
“0x80070BC9 – ERROR_FAIL_REBOOT_REQUIRED. The requested operation failed. A system reboot is required to roll back changes made.”
This kind of Windows Update error is most likely caused by newly installed problematic software, corrupted Windows Update files, or policies that restrict the behavior of the Windows Module Installer. The Windows Module Installer, also known as “WMIW” or “TiWorker.exe”, is the service that checks for new updates from the Windows server and installs them on your computer. This is why you need to make sure that you do not have any policies that control the start behavior of the Windows Module Installer, since this service must not be hardened to any start value and should be managed by the operating system. To resolve the Windows Update error code 0x80070BC9, you can check out the options provided below.
DISM.exe /Online /Cleanup-image /Scanhealth
DISM.exe /Online /Cleanup-image /Restorehealth