Search This Blog

Showing posts with label Windows 11. Show all posts

To Support Passkeys, 1Password has Joined Passage

Passkey functionality, which enables users to securely log in to apps and websites without a password, will be made accessible to 1Password's customers by early 2023, the company announced.

Passkeys, which employ the WebAuthn standard developed by the FIDO Alliance and the World Wide Web Consortium, replace passwords with cryptographic key pairs that enable users to sign into accounts. These key pairs consist of a public key that can be shared and a private key that cannot be shared.

For users of Android devices, installing passwords on an Android phone or tablet is also simple. Passwords are simple to set up on an iPhone or iPad. In addition to extensions for various browsers, there still are versions for Linux, Windows 11, and macOS Ventura. The issue is that these platforms are beginning to ignore the password for the passkey.

Next year, 1Password will add support for passkeys, enabling users to log in without a password. Even for current users, the business has built up an interactive demo so they can see how the feature will operate once it is released.

Passkeys eliminate the requirement for a two-factor authentication code and are more resistant to phishing and compromised credentials than passwords in terms of password brute force attacks like password spraying.

It is accurate that 1Password claims that its version will have a few benefits over its rivals. Because it works with so many different operating systems, 1Password asserts that its passkeys are the only ones that support numerous devices and enable cross-platform synchronization.

The main benefits of passkeys, according to 1Password, are that they come with strong default encryption and do not need to be memorized because they are saved on the device, while the private key is kept private from the website being signed into. Furthermore, the private key cannot be deduced from the public key.

The world of authentication will alter as a result of passwordless technologies. This partnership must make it substantially simpler for businesses to integrate a safe, password-free authentication flow into their products in order for it to grow.


PowerToys Releases Version 0.64 With File LockSmith and Host File Editor

 

Microsoft has recently released the latest version of the PowerToys toolset, PowerToys 0.64 to the public. The new version will aid Windows users in finding the processes using selected files and unlock the same without the use of a third-party tool. 

PowerToy 0.64 additionally comes with significant enhancements in File Locksmith and Host File Editor. The first program, File Locksmith gives File Explorer a “What’s using the file?” context menu entry. It displays which Windows processes are currently using the file. 

The primary purpose of File LockSmith is to provide users with information that Windows does not provide when activities like delete or move are being executed. In case a file is in use, certain actions may not be performed by the operating system. Windows do not provide certain important information about that to the user, but File LockSmith does so.  

The second program, the Host File tool allows a user to edit the Hosts file in Window11 (or Window10) via an appropriate editor UI, instead of the user having to use Notepad. For example, the Hosts file allows users to block access to certain domains. Having this UI should make it a little less difficult to make changes to it. 

In addition to this, the PowerToy settings now possess a new feature that allows users to export or import the current settings from a file, making it easier to migrate settings across devices as per user requirements. Users now have the option to back up and restore the settings, which is useful in case PowerToy is running on various devices, or simply for backup purposes. 

Moreover, Microsoft has also made enhancements in FancyZones that lets a user set default behaviors for horizontal and vertical screens. The improvements are done, as in some cases monitor IDs tend to get reset, additionally, FancyZones settings do not apply anymore. With the latest enhancements, even if the aforementioned situation occurs, the user layout should at least make some sense based on the orientation of his screen.

Performance Hit Experienced By File Copying Due to Windows 11 22H2

 


According to reports, Microsoft began rolling out Windows 11 version 22H2 last month, just a few months after announcing it. The experience has not been completely smooth as one might think. 

"22H2 has a performance problem when copying large files from a remote computer to a Windows 11 computer or when copying files on a local drive," explains Ned Pyle, Principal Program Manager at Windows Server engineering.

There have been several reports of users reporting that the update failed with an error code of "0x800f0806". Interestingly enough, one of our Neowin members was able to figure out a workaround for this problem. There are also the usual suspects, like printer problems as a result of a revised printer policy that leads to printers not being detected after the 2022 Update, which can result in a lot of frustration. 

There was another related issue that caused Microsoft to block the whole update on affected devices due to this problem. Afterward, Microsoft issued a warning to IT admins on the issue, stating that provisioning for Windows 11 22H2 is currently broken, as it discovered the existence of this issue.

Additionally, the Redmond-based firm revisited another problem that was resulting in the massive slow-down in the speed at which large files could be copied remotely on 22H2 systems as a result of a power failure. 

There have been reports that speeds are around 40% lower than expected, according to the company. Although users are experiencing more performance issues than before, the situation seems to be getting increasingly problematic.

Earlier this week, Microsoft released KB5017389 preview cumulative update for Windows operating systems. This update included the fixes for this issue as well as a free trial of the update for those who have not yet downloaded it. The support document provides more information regarding this issue and also offers a free trial of the release.

It might take longer than expected for Windows 11 version 22H2 to copy large files with multiple gigabytes (GB) to complete the task as previously thought.

Despite the newly acknowledged issue, Microsoft added that Windows devices that are used in small or personal networks are less likely to be affected by it than those used for business networks.

A workaround is available for this issue, it has also been reported that Microsoft has shared a workaround for customers who are affected by the known issue after updating their devices to Windows 11 22H2.

There are several ways in which impacted users can mitigate the performance hit of file copying over SMB by using file copy tools that do not use a cache manager (buffered I/O) such as any of the freeware applications available on the Internet.

To resolve this issue, Microsoft is currently investigating and working on a solution to address it. As part of a future release, the issue will be addressed in a more detailed way, and this will be included in a more detailed update. 

It has been more than two years since Microsoft released Windows 11 22H2, and they have now added compatibility holds to make sure the upgrade is no longer available on some systems, due to printer problems or blue screens.

As part of this week's announcement, Microsoft confirmed that the Windows 11 2022 Update is also causing provisioning issues, which is causing Windows 11 endpoints to be partially configured and not complete the installation process. 

After entering a new deployment phase on Tuesday, October 4, Windows 11 22H2 is now available to all seekers on qualifying devices, and it has been installed on some of the devices already.

Microsoft Adds Default Account Lockout Policy in Windows 11 to Block RDP Brute-Force Attacks

 

In the latest Windows 11 builds, Microsoft introduced default Account Lockout Policy which will automatically lock user accounts after 10 consecutive failed login attempts for 10 minutes. 

The account brute forcing process involves inputting a massive number of passwords consecutively using automated tools. The new policy blocks such attacks and can be found in Windows 11 Insider Preview Build 22528.1000 and newer. 

"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston, Microsoft's VP for Enterprise and OS Security, stated. "This technique is commonly used in Human Operated Ransomware and other attacks - this control will make brute forcing much harder which is awesome!" 

Brute forcing credentials is a common methodology employed by hackers to infiltrate Windows systems via Remote Desktop Protocol (RDP) when they don't know the account passwords. The use of Remote Desktop Services is so popular among hackers that the FBI said RDP is responsible for nearly 70-80% of all network breaches leading to ransomware assaults. 

The tech giant is gradually blocking all entry vectors employed by ransomware attackers to infiltrate Windows networks and systems. Earlier this year, Microsoft made some security-focused changes including auto-blocking Office macros in downloaded documents and enabling multi-factor authentication (MFA) in Azure AD. The change was temporarily rolled back earlier this month, but it’s back now. 

“We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share,” Kellie Eickmeyer, Principal Program Manager at Microsoft, announced on Wednesday. 

Windows 10 systems also come with an Account Lockout Policy but are not enabled by default, allowing hackers to brute force their way into Windows systems with exploited Remote Desktop Protocol (RDP) services. Admins can enable this policy on Windows 10 in the Group Policy Management Console from Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy. 

This is a major step taken to enhance security since many RDP servers, particularly those used to assist teleworkers access corporate assets, are directly exposed to the Internet, exposing the businesses' network to attacks when poorly configured.

Microsoft Launches New Privacy Features for Windows 11

 

Microsoft is developing a new privacy dashboard to patch its vulnerabilities for Windows 11 that will allow users to view which apps and tools have access to sensitive hardware components such as the camera, microphone, location, phone calls, messages, and screenshots. It's included in one of June Windows 11 Preview Builds and now is ready for testing in the Dev Channel for Windows Insiders.

Users will be able to view the newly implemented tool in the Privacy & Security > App Permissions section, where a "Recent activity" option will be available, as per Microsoft. Users will be able to locate the monitored category of information in this section. "Once clicked, it will show every instance of one of the programs installed on a user's machine that has recently accessed sensitive devices and information," says the next step. Even though the list contains information about the most recent time the program accessed the service, clicking on any of the entries yields no additional information.

Several users would be able to proactively protect themselves from ransomware and phishing attacks that are unwittingly deployed by malicious actors due to this additional layer of privacy. Malware or malicious software may obtain access to a user's privacy in some cases via spying on its camera or microphone, or by reading file paths, process IDs, or process names.

If Windows Hello is turned off, your PC will be unable to access your camera. Some apps use the Camera app to capture pictures, by the Camera app's camera access setting. No images will be taken and sent to the app that accessed them unless you manually select the capture button in the Camera app.

Desktop apps can be downloaded from the internet, stored on a USB drive, or installed by your IT administrator. Microsoft has not yet officially launched this new privacy option, according to its Windows Insider Blog. This information comes from Microsoft's Vice President of Enterprise and OS Security, David Weston, in a tweet on Thursday. 

Windows has never had a privacy feature as useful as this, but it appears that Microsoft is working to strengthen the operating system's privacy controls. With Android version 12, Google provided a similar capability, although its execution is far from satisfactory.

New Variant of Magniber Ransomware is Targeting Windows 11 Users

 

Security analysts at 360 Security Center have unearthed a new strain of Magniber ransomware targeting Windows 11 systems. Since May 25, the attack volume of Magniber has surged significantly, and its primary transmission package names have also been upgraded, such as: win10-11_system_upgrade_software.msi, covid.warning.readme.xxxxxxxx.msi, etc. 

The ransomware is propagated via several online platforms, cracked software websites, fake pornographic websites, etc. When users visit these phony websites, they are lured to download from third-party network disks. 

According to researchers, the ransomware itself has not changed much, and can target multiple variants of Windows operating systems. The ransomware employs the RSA+AES encryption methodology to encrypt files. The RSA used is as long as 2048 bits, which is currently difficult to crack technically. 

After being encrypted by the ransomware, the file suffix is a random suffix, and each victim will have a separate payment page. If the ransom cannot be paid within the specified time, the link will be invalid. If the victim can pay the ransom within 5 days, he only needs to pay 0.09 Bitcoin, else the ransom will be doubled after 5 days. 

This is the second incident within two months hackers targeted Windows users. Earlier in April, the malicious actors employed fake Windows 10 updates to spread the Magniber ransomware strain. The fake Windows 10 updates were distributed under multiple names such as Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi via platforms such as pirated sites, posing as legitimate cumulative or security updates. 

The malicious campaign started on April 8th, 2022, and has witnessed massive distribution worldwide since then. Meanwhile, it remains unclear how the fake Windows 10 updates are being promoted and distributed from fake warez and crack sites. 

According to security researchers, no safe decryptor exists for ransomware. Additionally, any weaknesses of the malware are also known to reverse its infection as of yet. The ransomware presently targets regular users and students, and not corporate customers. Thus, the users need to remain vigilant, avoid downloading cracked versions, and use legit sites only. 

The ransomware was first spotted in 2017 targeting victims in South Korea. Back in 2021, the ransomware was using the PrintNightmare exploit to Target Windows users, and earlier this year in January, it was distributed via Microsoft Edge and Chrome.