
PowerToys Releases Version 0.64 With File LockSmith and Host File Editor


Microsoft has recently released the latest version of the PowerToys toolset, PowerToys 0.64, to the public. The new version helps Windows users find the processes that are using selected files and unlock those files without a third-party tool.

PowerToys 0.64 additionally comes with significant enhancements in File Locksmith and Host File Editor. The first program, File Locksmith, gives File Explorer a “What’s using the file?” context menu entry. It displays which Windows processes are currently using the file.

The primary purpose of File LockSmith is to provide users with information that Windows does not provide when operations such as delete or move are executed. If a file is in use, the operating system may be unable to perform certain actions on it. Windows does not tell the user which process is responsible, but File LockSmith does.

The second program, the Host File tool, allows a user to edit the Hosts file in Windows 11 (or Windows 10) through a dedicated editor UI instead of having to use Notepad. For example, the Hosts file allows users to block access to certain domains. Having this UI should make it a little less difficult to make changes to it.

In addition to this, the PowerToys settings now include a feature that allows users to export the current settings to a file or import them from one, making it easier to migrate settings across devices. Users now have the option to back up and restore the settings, which is useful when PowerToys is running on several devices, or simply for backup purposes.

Moreover, Microsoft has also made enhancements to FancyZones that let a user set default behaviors for horizontal and vertical screens. The improvement was made because, in some cases, monitor IDs get reset and the FancyZones settings no longer apply. With the latest enhancements, even if that happens, the user's layout should at least make some sense based on the orientation of the screen.

Fortinet Fixes Multiple Path Traversal Vulnerabilities


Fortinet has patched a slew of security flaws in many of its endpoint security products. On Tuesday (July 5), the California-based cybersecurity behemoth, which accounts for more than a third of all firewall and unified threat management deployments globally, published a massive number of firmware and software upgrades.

Among a quartet of high-severity problems are multiple relative path traversal flaws (CVE-2022-30302) in the administrative interface of FortiDeceptor, which sets up virtual machines that act as honeypots for network intruders.

According to the accompanying Fortinet alert, abusing these may permit a remote and authorised attacker to obtain and delete arbitrary files from the underlying filesystem using carefully crafted web requests. Similarly, path traversal in the named pipe responsible for the FortiESNAC service might allow attackers to escalate privileges in Windows versions of the endpoint security and VPN application FortiClient (CVE-2021-41031).

Meanwhile, the FortiNAC network access control system was vulnerable to an "empty password in configuration file vulnerability," which allowed an authorised attacker to access the MySQL databases via the command line interface (CLI) (CVE-2022-26117).

Additional flaws

The other high severity issue, which affects the FortiAnalyzer security event analysis appliance, the FortiManager network management device, the FortiOS operating system, and the FortiProxy web proxy, "may allow a privileged attacker to execute arbitrary code or command via crafted CLI 'execute restore image' and 'execute certificate remote' TFTP protocol operations" (CVE-2021-43072). 

Meanwhile, the updates also address cross-site scripting (XSS) vulnerabilities in the FortiEDR endpoint security solution (CVE-2022-29057); a privilege escalation issue in FortiManager and FortiAnalyzer (CVE-2022-26118); and stack-based buffer overflows in diagnostic CLI commands impacting FortiOS and FortiProxy (CVE-2022-26118) (CVE-2021-44170).

The sixth and final medium severity problem affects FortiOS, FortiProxy, FortiSwitch Ethernet switches, the FortiRecorder video surveillance system, and the FortiVoiceEnterprise communications system (CVE-2021-42755). Last but not least, a low severity XSS vulnerability impacts FortiOS (CVE-2022-23438).