Jump to content

Search the Community

Showing results for tags 'bug'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

  1. Google is investigating reports of black screens showing up on users' Chromebooks when trying to log into their Chrome OS accounts. The company has acknowledged this issue on the Google Customer Care Portal almost one hour ago and is yet to provide updates or a workaround for customers impacted by this bug. "We are aware of issues with users unable to login to Chrome OS devices and looping back to the login screen. Engineering is continuing to investigate this issue," the company said. Google hasn't yet shared the operating system versions impacted by this issue as the status page only lists Chrome OS as the affected product. Chromebook customers are sharing reports of not being able to sign into their devices across several channels, including Google's help community and social media. Some incoming reports say that 80% of users on a network aren't currently able to sign in as they're automatically kicked back onto the login screen. Others shared that the only sign their Chromebook is on is that the screen lights up even though it is entirely black. "I can still turn the brightness up and down, but nothing else," a report reads. "I have tried fulling shutting it down, and doing a hard reset with the refresh button and power button. Neither worked." "I have tried fully powering it off (Holding the button down 30 seconds), and I have tried a hard reset (Holding the refresh button and then pressing the power button) but neither has worked," another report says. Two months ago, Chromebook users were hit by another severe issue blocking them from logging into their devices after updating to Chrome OS 91.0.4472.165. Affected customers should wait for a fix to be deployed by Google and download the update using the steps available here. Until Google gets to the bottom of the current black screen bug, impacted users might also be able to work around the issue by rolling back the Chrome OS device to a previous version via USB or powerwashing (resetting their Chromebooks to factory settings). Before resetting or rolling back to a previous on your device, be aware that you should back up your files to an external hard drive or on Google Drive because all information on your Chromebook's hard drive, including all files in the Downloads folder, will be erased. Chromebooks enrolled on a work or school network will have to be reset by the administrator who manages your Google device. A Google spokesperson was not available for comment when contacted by BleepingComputer earlier today. Google Chromebook bug causes black screens after login
  2. Microsoft accidentally broke the Start menu and taskbar on systems of Windows Insiders after pushing a Teams promo to the desktops of users running Windows 11 preview builds. While the company didn't explain the reason behind Dev and Beta Channel Insiders experiencing Start menu and taskbar unresponsive and having issues accessing other OS areas, including Settings, developer Daniel Aleksandersen discovered that a buggy promo deployment caused the problem. "The problem wasn’t caused by an update delivered through Windows Update," Aleksandersen explained."Instead, it was caused by a small file [..] [that] contained an advertisement for Microsoft Teams." "The promo intended to promote the upcoming operating system’s integration with Microsoft Teams Instead, it caused Explorer (the Windows desktop shell) to stop responding and left users without a working Start menu and taskbar." Windows 11 Teams promo (Daniel Aleksandersen) Windows Insiders impacted by this issue reported that they couldn't use their computers because Explorer and the Taskbar are gone, and the Windows desktop shell is not accessible even after reinstalling the system. After being flooded with reports, Microsoft acknowledged the issue and pinned it on a "server-side deployment" problem. "Recently, Windows Insiders in both the Dev and Beta Channels began reporting that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load," Microsoft said. "We quickly discovered an issue with a server-side deployment that went out to Insiders and canceled that deployment." Windows Insiders whose computers' were impacted by the buggy Teams promo need to go through the following steps to get their PCs back into a working state: Step 1: Use CTRL-ALT-DEL and choose to open Task Manager. Step 2: Choose “More details” at the bottom of Task Manager to expand Task Manager. Step 3: Go to “File” and choose “Run new task.” Step 4: Type “cmd” in the “Open” field. Step 5: Paste the following (everything in bold): reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\IrisService /f && shutdown -r -t 0 Step 6: Hit enter, and then your PC should reboot. After rebooting, everything should be back to normal. Update: When asked for more details about this issue, a Microsoft spokesperson told BleepingComputer that "Microsoft has nothing to share on this topic besides the update published in this Windows Insider Blog: Announcing Windows 11 Insider Preview Build 22449 | Windows Insider Blog and tweet from the Windows Insider Twitter." Microsoft breaks Windows 11 Start Menu, Taskbar with Teams promo
  3. Google says that users of some Android phone models are affected by a Google App bug preventing them from making and receiving calls. "After the latest update to the Google Search App on Android, the users of certain mobile phones are experiencing difficulty in receiving and making calls," a Google community manager said earlier today. The company has released an update that should likely fix this known issue on impacted Android devices. "We are currently looking into the matter and have released a new version of the app which should address the issue," Google added. While most users' phones will automatically install the Google app update the search giant published on Sunday, those who have disabled automatic updates on their device will have to install it manually from the Google Play Store. However, given that the Google Android app has over 5 billion installs worldwide, some percentage of users are likely still affected even with automatic updates toggled on. To ensure that you have the latest version installed on your phone, you need to follow these steps to update it manually: Search for the 'Google' app on 'Google Play' (or click here). Tap the Update button. LG devices likely the ones affected by the bug While Google did not share the Android phone models impacted by this Google app bug, user reports over the weekend have only mentioned LG devices such as LG G7, LG G7 ThinQ, LG V40 ThinQ, and LG Q70. Users confirmed Google's findings, saying that they could only make calls after reaching out to their carriers' support team and uninstalling or updating the buggy Google app version. "You need a lot more vigilance on QA for your updates so they the patch/update doesn't disable my phone's ability to make and receive calls," one user said in a review published today. "Like the last one did this patch/update fixed it, BUT it should of NEVER HAPPENED with proper QA." Even though some have confirmed that Google's latest update has fixed the issue blocking their calls, others had to remove the app altogether to restore their phones' call feature. "The phone worked fine before the update, no longer worked after the update and works again once I uninstalled the update," a user reported. "The update seems to cause the problem, as stated in my previous review." A Google spokesperson was not available for comment when BleepingComputer reached out for a list of impacted Android phone models earlier today. Google App bug blocks Android users from receiving, making calls
  4. Mitch McCarley reports that his clients are impacted by the August patches and multi-user QuickBooks. It looks like the August 2021 Windows Updates are causing an issue in QuickBooks. We are unable to open QB in multi-user mode, and also QB is having a hard time opening QB data files on mapped drives. Intuit Support said it’s a known issue possibly related to recent Windows Updates and there is no fix at this time. He went on to say There were a few issues: – QB could not switch to multi-user mode. – QB could no longer find the previously opened file. When I tried to browse to the mapped drive, the mapped drive not listed under This PC in the QB explorer. – With Network Discovery on and the required services enable, I could browse the network to the server and find the data file. – I could open the file directly from the mapped drive. Intuit Support only knew there was “known issue probably related to a Windows Update”, but had no other details. I’m also still tracking issues with group policy deployed printers. Microsoft has made a mess of the printer deployment via group policy. If you have v3 printer drivers they are prompting for administrative rights. If you are an IT pro I’ll urge you to join the conversation on the patchmanagement.org list where everyone is still trying to figure out a solid solution. A reminder for home/consumer users: If the patch is installed and you have no issues with printing, leave the patch installed, don’t uninstall it. August updates causing issues with multi user QuickBooks
  5. Microsoft acknowledges the blurry News and Interests text issue on Windows 10 Earlier this year, Microsoft introduced News and Interests, a feature that allowed Windows 10 users to access weather, news, traffic updates and more directly from the taskbar. Just last month, Microsoft started rolling out the News and Interests feature to all the Windows 10 users. However, soon after the update was released, users started complaining about the blurry text in News and Interests on the taskbar. Earlier today, Microsoft updated its Windows 10 Health Dashboard page to acknowledge the bug. The company wrote: Certain display configurations might cause blurry text on the news and interests button in the Windows taskbar. The company also noted that it is working on a fix which will be available in an "upcoming release". However, it did not specify the display configurations that are affected by the bug or when can users expect a patch. In the meantime, users can navigate to Settings > System > Display and set the recommended Scale and Layout. Furthermore, they can also switch News and Interests to 'icon only' which will hide the text and will act as a temporary workaround for the problem. If you are not happy with the feature then you can follow our guide to turn off the News and Interests widget permanently. Microsoft acknowledges the blurry News and Interests text issue on Windows 10
  6. Microsoft Teams hit by a bug, wants users to select a certificate [Update] Microsoft Teams seems to be experiencing a bug since this morning. A recent update seems to have caused a "Select a certificate" prompt to be displayed to Teams users before they can use the software. The issue shows up when the service tries to reach us-prod.asyncgw.teams.microsoft.com while signing into the service. The prompt displays to users even before they can log in to use the software. Microsoft has acknowledged the bug and is tracking the issue under the 'TM261228' advisory, where the company said: "We've determined a recent deployment, designed to improve service performance, is inadvertently causing impact. We're reverting the update while we monitor the affected environment to validate that it resolves the issue." Microsoft Teams users in Brazil, Costa Rica, APAC, EMEA, and EU are reported to be receiving the errors. However, Microsoft says only those users served through the infrastructure in North America are affected. Some users have been able to use the service by restarting the Microsoft Teams client. Update: Microsoft has tweeted that it has reverted the update that caused the issue and can confirm that the service is restored and functional. Source: Microsoft via Bleeping Computer Microsoft Teams hit by a bug, wants users to select a certificate [Update]
  7. Windows 10 KB5003214 update causes taskbar display glitches The latest Windows 10 2004, 20H2, and 21H1 preview update is causing display issues and glitches on the taskbar's system tray. Last week, Microsoft released the optional Window 10 KB5003214 preview update so that users and the enterprise can test the fixes coming in the mandatory June 2021 Patch Tuesday updates. This update also enables the new Windows 10 News and Interests taskbar news feed for all users of Windows 10 2004 and later. Since installing this update, numerous users report that the system tray in the Windows 10 taskbar began having display glitches where tray icons disappear, get pushed to the right, overlay each other, or get pushed off the edge of the screen. "I'm experiencing an issue that I've traced to the new "News and interests" taskbar feature. I got this feature recently - within the last few weeks, I don't recall exactly because I shut it off immediately - and things were fine," a user posted on Reddit. "But after a few updates yesterday (21H1, KB5003214, KB5003254), the notification area in the far right edge of the taskbar began behaving strangely." An example of these display glitches is shown below, where you can see the system tray icons all overlaying each other in a mess. System tray display glitches Source: Reddit After users experimented with different settings, it was determined that the bug is caused by disabling the News and Interests widget on the taskbar. Once disabled and a new system tray icon is shown, it triggers the glitch. Once you enable the News and Interests widget again on the taskbar, the icons begin to display correctly. Windows 10 users affected by this bug found that it could be fixed by uninstalling the KB5003214 preview update, but unless Microsoft fixes the issue before June 8th's Patch Tuesday, all users will be faced with this issue. H/T WindowsLatest Windows 10 KB5003214 update causes taskbar display glitches
  8. Microsoft Outlook bug prevents viewing or creating email worldwide A Microsoft Outlook update released today for the desktop client introduced bugs that prevent users from creating or viewing mail. Today, Microsoft released Outlook version 2104 build 13929.20372, and after installing the update, users of the click-to-run desktop client found that they could no longer properly view emails or create new ones. When attempting to view an email, instead of seeing the entire message body, they only see a small portion or a single line of the email message, as shown below. Missing Outlook email content Source: BleepingComputer To make it even more frustrating, when creating a new email message, every time you press enter, all the previously written content will be removed, as shown below. Outlook email text disappearing when you press enter Source: BleepingComputer The Microsoft 365 Status Twitter account has tweeted that they are investigating an issue with "email message visibility in Outlook," and that Outlook on the Web is unaffected. In an incident status message in the Microsoft 365 Admin Center titled 'EX255650: Issue affecting viewing email content in Outlook', Microsoft suggests users use web and mobile clients until the issue is resolved. Title: Issue affecting viewing email content in Outlook User Impact: Users may be unable to view email message content within Outlook. More info: Initial reports indicate that Outlook on the web is unaffected and users with access to Outlook on the web can view email messages there while we work on a solution. Current status: We're gathering and analyzing data in an effort to isolate the cause of impact. Initial reports indicate that impact is specific to the Outlook client and users with access to other protocols, such as Outlook on the web or the Outlook mobile app, can view message content in those platforms as a potential workaround. Scope of impact: This issue could affect any user attempting to view an email message in the Outlook client. How to fix the Microsoft Outlook issues If you are experiencing this issue in Microsoft Outlook, users have reported that you can fix the bug by rolling back to a previous Microsoft Outlook version. BleepingComputer has tested this method, and it resolved the problems in our Outlook desktop client. Method 1: Roll back Microsoft Office to latest April 2021 release To roll back to the April 23rd, 2021, release and fix the Microsoft Outlook problems, please follow these steps: Open a command prompt by clicking on the Start Menu and typing CMD. When the 'Command Prompt' result appears, click on it. In the command prompt type cd "C:\Program Files\Common Files\microsoft shared\ClickToRun" and press enter. You will now be in the ClickToRun folder. Type officec2rclient.exe /update user updatetoversion=16.0.13901.20462 and press enter. Entering commands in Command Prompt Microsoft Office will now download the specified version of Microsoft Office and roll back to that previous version. Please be patient as this may take a few minutes or longer, depending on your computer and Internet connection speed. Rolling back Microsoft Office to the previous version When the updates are finished installing, you will be shown a screen stating 'Updates were installed.' You can press the Close button on this screen. Microsoft Office updates were installed Microsoft Outlook will now be rolled back to the previous version, and you should be able to start Microsoft Outlook again. You can now close the Command Prompt by clicking on the X button. Please let us know if this works for you. This is a developing story. Source: Microsoft Outlook bug prevents viewing or creating email worldwide
  9. SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. A vulnerability in an SDK that allows users to make video calls in apps like eHarmony, Plenty of Fish, MeetMe and Skout allows threat actors to spy on private calls without the user knowing. Researchers discovered the flaw, CVE-2020-25605, in a video-calling SDK from a Santa Clara, Calif.-based company called Agora while doing a security audit last year of personal robot called “temi,” which uses the toolkit. Agora provides developer tools and building blocks for providing real-time engagement in apps, and documentation and code repositories for its SDKs are available online. Healthcare apps such as Talkspace, Practo and Dr. First’s Backline, among various others, also use the SDK for their call technology. SDK Bug Could Have Impacted Millions Due to its shared use in a number of popular apps, the flaw has the potential to affect “millions–potentially billions–of users,” reported Douglas McKee, principal engineer and senior security researcher at McAfee Advanced Threat Research (ATR), on Wednesday. McKee said he did not find evidence of the bug is being exploited in the wild. The flaw makes it easy for third parties to access details about setting up video calls from within the SDK across various apps due to their unencrypted, cleartext transmission. This paves the way for remote attackers to “obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic,” according to the vulnerability’s CVE description. Researchers reported this research to Agora.io on April 20, 2020. The flaw remained unpatched for about eight months until Dec. 17, 2020 when the company released a new SDK, version 3.2.1, “which mitigated the vulnerability and eliminated the corresponding threat to users,” McKee said. Researchers first were alerted to an issue when, during their analysis of the temi ecosystem, they found a hardcoded key in the Android app that pairs with the temi robot. Upon further exploration, they found a connection to the Agora SDK through “detailed logging” by developers to the Agora.io dashboard, McKee said. Upon examination of the Agora video SDK, researchers discovered that it allows information to be sent in plaintext across the network to initiate a video call. They then ran tests using sample apps from Agora to see if third parties could leverage this scenario to spy on a user. SDK Bug Allows Attackers to Circumvent Encryption What they discovered through a series of steps is that they can, a scenario that affects various apps using the SDK, according to McKee. Further, threat actors can hijack key details about calls being made from within apps even if encryption is enabled on the app, he said. The first step for an attacker to exploit the vulnerability is to identify the proper network traffic he or she wants to target. ATR achieved this by building a network layer in less than 50 lines of code using a Python framework called Scapy “to help easily identify the traffic the attacker cares about,” McKee explained. “This was done by reviewing the video call traffic and reverse-engineering the protocol,” he said. In this way researchers were able to sniff network traffic to gather information pertaining to a call of interest and then launch their own Agora video applications to join the call, “completely unnoticed by normal users,” McKee wrote. While developers do have the option in the Agora SDK to encrypt the call, key details about the calls are still sent in plaintext, allowing attackers to acquire these values and use the ID of the associated app “to host their own calls at the cost of the app developer,” McKee explained. However, if developers encrypt calls using the SDK, attackers can’t view video or hear audio of the call, he said. Still, while this encryption is available, it’s not widely adopted, McKee added, “making this mitigation largely impractical” for developers. Other Apps Impacted by Faulty SDK In fact, in addition to temi, researchers examined a cross-section of apps on Google Play that use Agora—including MeetMe, Skout and Nimo TV—and found that all four of the applications have hardcoded App IDs that allow access to call details and do not enable encryption. “Even though the encryption functions are being called, the application developers are actually disabling the encryption based on this documentation,” McKee explained. “Without encryption enabled and the setup information passed in cleartext, an attacker can spy on a very large range of users.” Agora did not immediately respond to an email request for comment sent by Threatpost on Thursday. ATR said the company “was very receptive and responsive to receiving” information about the vulnerability, and that after testing the SDK they “can confirm it fully mitigates CVE-2020-25605.” Source: SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
  10. Google Photos Videos Were Shared With Strangers Google's Takeout service was designed to let people download their data, but accidentally sent videos from Google Photos accounts to strangers. Google has confirmed videos saved in your Google Photos account could have been sent to a stranger because of a "technical issue." As reported by 9to5Google, the issue was rooted in Google's Takeout service which is designed to let people download their data. However, from Nov. 21 to Nov. 25 last year those backups could have had videos that "incorrectly exported to unrelated users' archives." Even though some videos could have been shared with other people, Google has not been specific as to which videos were shared. Instead, the tech giant says that "one or more videos in your Google Photos account was affected by this issue." In a statement, Google said: "We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25. These users may have received either an incomplete archive, or videos—not photos—that were not theirs. We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again. We are very sorry this happened." Google also says that the issue affected less than 0.01 percent of Photos users attempting Takeouts, and no other product was affected. However, since Google Photos has over one billion users, even such a small percentage means around 100,000 people potentially had their videos shared with strangers. Source: Google Photos Videos Were Shared With Strangers
  11. New Docker Container Escape Bug Affects Microsoft Azure Functions Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host." Azure Functions, analogous to Amazon AWS Lambda, is a serverless solution that allows users to run event-triggered code without having to provision or manage infrastructure explicitly while simultaneously making it possible to scale and allocate compute and resources based on demand. By incorporating Docker into the mix, it makes it possible for developers to easily deploy and run Azure Functions either in the cloud or on-premises. Since the trigger code is an event (e.g., an HTTP request) that is configured to call an Azure Function, the researchers first created an HTTP trigger to gain a foothold over the Function container, using it to find sockets belonging to processes with "root" privileges. From there, one such privileged process associated with a "Mesh" binary was identified to contain a flaw that could be exploited to grant the "app" user that runs the above Function root permissions. While the Mesh binary in itself had little to no documentation to explain its purpose, Intezer researchers found references to it in a public Docker image, which they used to reverse engineer and achieve privilege escalation. In the final step, the extended privileges assigned to the container (using the "--privileged" flag) were abused to escape the Docker container and run an arbitrary command on the host. Intezer has also released a proof-of-concept (PoC) exploit code on GitHub to probe the Docker host environment. "Instances like this underscore that vulnerabilities are sometimes out of the cloud user's control," Intezer Labs researchers said. "Attackers can find a way inside through vulnerable third-party software. "It's critical that you have protection measures in place to detect and terminate when the attacker executes unauthorized code in your production environment. This Zero Trust mentality is even echoed by Microsoft." Source: New Docker Container Escape Bug Affects Microsoft Azure Functions
  12. Some M1 Mac users reporting screensaver takeover bug Including me Photo by Vjeran Pavic / The Verge I picked up a new MacBook Air with Apple’s M1 chip, and I’ve absolutely loved it so far. It’s really speedy and the battery is fantastic. But I’ve been dealing with one nagging issue. Every once in a while, for reasons that I haven’t been able to figure out, a screensaver will suddenly take over the entire computer — despite the fact that I never use a screensaver. And frustratingly, the screensaver renders my laptop inoperable until I completely close the screen and reopen it. It seems I’m not the only one seeing this bug, according to this MacRumors article. Others have shared similar issues with M1-equipped MacBook Airs, Pros, and Minis on MacRumors’ forums, Reddit (in a few threads), and Apple’s support forums. And one user on MacRumors said they’ve seen the bug on their 16-inch MacBook Pro, which has an Intel chip, so perhaps this is a problem with macOS Big Sur. Here’s a video of the bug, shared by MacRumors forum member dawideksl: Many people reporting the issue in this Reddit thread say they have multiple accounts on the same computer. And for what it’s worth, I’ve set up two accounts on my MacBook Air. One user on Apple’s support forums disabled Fast User Switching and said they weren’t seeing the screensaver, so perhaps that’s a workaround until Apple addresses the bug. Apple didn’t immediately reply to a request for comment. Some M1 Mac users reporting screensaver takeover bug
  13. Windows 10 bug crashes your PC when you access this location A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands. Last week, BleepingComputer learned of two bugs disclosed on Twitter by a Windows security researcher that can be abused by attackers in various attacks. The first bug allows an unprivileged user or program to enter a single command that causes an NTFS volume to become marked as corrupted. While chkdsk resolved this issue in many tests, one of our tests showed that the command caused corruption on a hard drive that prevented Windows from starting. Today, we look at the second bug that causes Windows 10 to perform a BSOD crash by merely attempting to open an unusual path. Opening this path causes a BSOD Since October, Windows security researcher Jonas Lykkegaard has tweeted numerous times about a path that would immediately cause Windows 10 to crash and display a BSOD when entered into the Chrome address bar. When developers want to interact with Windows devices directly, they can pass a Win32 device namespace path as an argument to various Windows programming functions. For example, this allows an application to interact directly with a physical disk without going through the file system. Lykkegaard told BleepingComputer that he discovered the following Win32 device namespace path for the 'console multiplexer driver' that he believes is used for 'kernel / usermode ipc.' When opening the path in various ways, even from low-privileged users, it would cause Windows 10 to crash. \\.\globalroot\device\condrv\kernelconnect When connecting to this device, developers are expected to pass along the 'attach' extended attribute to communicate with the device properly. CDCreateKernlConnection showing the 'attach' extended attribute Lykkegaard discovered if you try to connect to the path without passing the attribute due to improper error checking, it will cause an exception that causes a Blue Screen of Death (BSOD) crash in Windows 10. Even worse, low privileged Windows users can attempt to connect to the device using this path, making it easy for any program executed on a computer to crash Windows 10. In our tests, we have confirmed this bug to be present on Windows 10 version 1709 and later. BleepingComputer was unable to test it in earlier versions. BleepingComputer reached out to Microsoft last week to learn if they knew of the bug already and if they would fix the bug. “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible,” a Microsoft spokesperson told BleepingComputer. Threat actors can abuse the bug While it has not been determined if this bug could be exploited for remote code execution or elevation privilege, in its current form, it can be used as a denial of service attack on a computer. Lykkegaard shared with BleepingComputer a Windows URL file (.url) with a setting pointing to \\.\globalroot\device\condrv\kernelconnect. When the file is downloaded, Windows 10 would try to render the URL file's icon from the problematic path and automatically crash Windows 10. BSOD caused by accessing the \\.\globalroot\device\condrv\kernelconnect BleepingComputer has since found numerous other ways to exploit this bug, including methods to cause BSODs automatically on Windows login. In a real-life scenario, this bug could be abused by threat actors who have access to a network and want to cover their trail during an attack. If they have admin credentials, they could remotely execute a command that accesses this path on all of the Windows 10 devices on a network to cause them to crash. The havoc caused on the network could delay investigations or prevent administrative controls from detecting an attack on a particular computer. In 2017, a similar attack scenario was used by threat actors during a bank heist on the Far Eastern International Bank (FEIB) in Taiwan. In that attack, the threat actors deployed the Hermes ransomware on the network to delay investigations into the attack. Source: Windows 10 bug crashes your PC when you access this location
  14. Windows 10 build 21292.1010 breaks x64 emulation on ARM PCs As of mid-December, Windows Insiders with ARM64 PCs were able to run x64 apps in emulation, opening up the PCs to the rest of the Windows ecosystem. Yesterday, however, the team released a cumulative update for the latest Dev channel build, and as it turns out, the update breaks the feature, so you might want to skip it. The update in question is KB4601937, and the blog post has been updated to day, "After installing Build 21292.1010 (KB4601937), x64 emulation on ARM PCs will not work. There is an issue with the way the update is installed that breaks this functionality. As a workaround, you can uninstall KB4601937 to get x64 emulation working again on your ARM PC." This cumulative update was introduced as something that includes nothing that's new. According to Microsoft, it only exists to test out the servicing pipeline, meaning that the company just wants to make sure, as it does periodically, that it hasn't broken the ability to ship cumulative updates. But being an update with no features, it would be reasonable to expect that it's low-risk, and that it wouldn't break. The update should be easy enough to roll back, if you're experiencing issues. From Windows Update, go to 'View update history', and select 'Uninstall updates'. Windows 10 build 21292.1010 breaks x64 emulation on ARM PCs
  15. Microsoft fixes Secure Boot bug allowing Windows rootkit installation Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system’s booting process even when Secure Boot is enabled. Secure Boot blocks untrusted operating systems bootloaders on computers with Unified Extensible Firmware Interface (UEFI) firmware and a Trusted Platform Module (TPM) chip to help prevent rootkits from loading during the OS startup process. Rootkits can be used by threat actors to inject malicious code into a computer's UEFI firmware, to replace the operating system's bootloader, to replace parts of the Windows kernel, or camouflage maliciously crafted drivers are legitimate Windows drivers. The security feature bypass flaw, tracked as CVE-2020-0689, has a publicly available exploit code that works during most exploitation attempts which require running a specially crafted application. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains. Affected Windows versions include multiple Windows 10 releases (from v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. How to install the security update To block untrusted or known vulnerable third-party bootloaders when Secure Boot is toggled on, Windows devices with UEFI firmware use the Secure Boot Forbidden Signature Database (DBX). The KB4535680 security update released by Microsoft as part of the January 2021 Patch Tuesday addresses the vulnerability by blocking known vulnerable third-party UEFI modules (bootloaders) to the DBX. Users have to install this standalone security update in addition to the normal security update to block attacks designed to exploit this Secure Boot vulnerability. If automatic updates are enabled on the computer, the security update will be installed automatically, without user intervention needed. However, on systems where updates need to be installed manually, you will be required to first download KB4535680 for their platform from the Microsoft Update Catalog. Next, you will have to make sure that a specific Servicing Stack Update is installed before deploying the standalone security update (you can find the list here). If you also need to manually install the January 2021 Security Updates, the three updates should be installed in the following order: Servicing Stack Update Standalone Secure Boot Update listed in this CVE January 2021 Security Update On systems where Windows Defender Credential Guard (Virtual Secure Mode) is also enabled, installing the KB4535680 standalone update will require two additional reboots. Microsoft also released guidance for applying Secure Boot DBX updates after the disclosure of the BootHole GRUB bootloader vulnerability in July 2020 which also allows for Secure Boot bypass. The company added at the time that it "plans to push an update to Windows Update to address" the BootHole vulnerability in 2021. Source: Microsoft fixes Secure Boot bug allowing Windows rootkit installation
  16. Cyberpunk 2077 reportedly has a nasty save game corruption bug on PC Big-time crafters beware (Image credit: CD Projekt Red) There’s now evidence that Cyberpunk 2077 on PC is affected by one of the worst kinds of bug – a save game corruption gremlin. As Tom’s Hardware spotted, apparently larger saved games (over 8MB) can be plagued with the possibility of going bad, and this might affect those who really get into the crafting side of Cyberpunk 2077 – seeing as that’s a major cause of the file size becoming larger. This complaint from PC gamers surfaced on CD Projekt Red’s own forums and via Reddit, with one post doing a good bit of digging and comparing, coming to the conclusion that crafting and 8MB+ save game file sizes are to blame. If you get hit by this bug, when trying to load a game, you’ll see an error message instead: “Saved data is damaged and cannot be loaded”. According to some of the reports from affected gamers, once the save game file starts to creep up towards 8MB, you may experience long loading times that involve staring at a black screen for 30 seconds or so. If this is happening, consider it a warning that if your save continues to expand, you may experience a corruption issue (so perhaps lay off on the crafting – although that’s hardly an ideal solution). While the developer is apparently aware of a problem here, according to Tom’s, there has been no official announcement of the bug – although a moderator on the CD Projekt Red forums has offered a bit of advice in terms of backing up saves and repairing the game, although the feedback to the usefulness of those measures is rather negative. Furthermore, you should consider re-enabling any mods you might have been using that you’ve disabled. Apparently this could cause problems with save data, as the moderator states: “Any modification to the game can leave reference data that will corrupt the game’s ability to read the save files unless the modifications are also running.” GOG.com has further acknowledged this issue in a support center troubleshooting post, which advises those affected that: “Unfortunately the save is damaged and can’t be recovered. Please use an older save file to continue playing and try to keep a lower amount of items and crafting materials.” Stadia woes The bug has also been observed on Google Stadia saves as well as with the PC version of Cyberpunk 2077, so streamers, you’ve been warned. Seemingly the console versions aren’t affected, but of course they have their own major issues as we’ve seen. Indeed, the PC version is in far better shape than either the PS4 or Xbox One flavors, generally speaking when it comes to performance and polish, but a save game corruption popping up is a distinct blow on PC to say the least. Whether hotfix 1.05, which just arrived for consoles and is planned to land on the PC soon, will do anything, we shall just have to see, but nothing is mentioned in the patch notes. In the aforementioned support post, GOG.com noted: “The save file size limit might be increased in one of the future patches, but the corrupted files will remain that way.” If nothing is done with version 1.05 on PC, the next patch is due in January – unless the developer decides to release a standalone hotfix of some kind. Whatever the case, this is a nasty bug which really does need to be dealt with sooner rather than later. Cyberpunk 2077 reportedly has a nasty save game corruption bug on PC
  17. This new Windows 10 bug could be bad news for gamers Error code 0x803F8001 (Image credit: Shutterstock) Users of the Xbox Game Bar may have noticed a few issues after a recent update of Windows 10, and it seems the latest bug to plague the Microsoft operating system is crashing the Xbox Game Bar on launch, and even completely blocking some users completely. The error message appearing on screen reads 0x803F8001, and appears to be caused by a server-side change made to Windows 10 on November 5. The bug is a global issue and only affects users with Windows 10 version 1809 or later, so if you utilize the Xbox Game Bar and haven't updated your machine yet, it may be best to hold off until the error is resolved No solution yet At the time of writing, there doesn’t appear to be a fix for the issue, with forums filling with user reports and complaints. It also isn’t apparent what’s actually causing the issue, and no official statement from Microsoft has been made. We’ve contacted Microsoft for a response, but until then, this unfortunately looks to be a case of simply waiting it out. Via Windows Latest This new Windows 10 bug could be bad news for gamers
  18. Microsoft warns Windows 10 update breaks Office updates The Windows 10 update bugs are mounting (Image credit: Shutterstock) Microsoft has warned Windows 10 users that recent updates come with a number of bugs. Reportedly, one of the flaws prevents individuals from updating Office products due to a certificate loss issue. After downloading October 2020 Patch Tuesday updates, some Windows 10 users received an error message reading, “Download of Office 365 file failed, error =” when trying to apply the latest Office updates. Microsoft is yet to reveal a workaround for the problem, meaning individuals must uninstall the faulty Windows update, then update Office and then re-install the Windows patch. Microsoft engineer David James tweeted that the issue seems to be caused by the Windows 10 updates generating a certification failure, which prevents Memcm and Configuration Manager from downloading Office updates. Update denied Unfortunately for Microsoft, the Office update error is not the only issue users have been having with its Windows patches recently. There have also been reports of October Windows 10 patches causing File Explorer issues and even the dreaded Blue Screen of Death. Microsoft has not commented on these system crash issues but did admit that system and user certificates could be lost during the update process. “This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager,” a Microsoft support document explained. “This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.” Microsoft recommends that users install patches for their operating system using the official Windows Update service, rather than any other method in order to reduce the likelihood of any issue cropping up. Via Windows Latest Microsoft warns Windows 10 update breaks Office updates
  19. Microsoft posts a workaround for the 'Reset this PC' bug plaguing some Windows 10 PCs Microsoft offers an in-built solution to reset a Windows 10 PC through the Settings app if users choose to do so due to a corrupt build or issues with the operating system. The tool also gives users the choice to keep their files and only reset the OS settings to factory default. However, the feature might not be working as expected for some users running Windows 10 version 2004. The company today posted a support article acknowledging the issue with the ‘Reset this PC’ feature that causes the tool to fail and prompt an error that reads “There was a problem when resetting your PC. No changes were made". The company also posted a workaround for users who are unable to use the feature and are experiencing the said error. Here is the workaround as shared by Microsoft: Open an elevated command prompt. To do this, click Start, type Command Prompt or cmd in the Search box, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow Type the following command, and then press Enter: dism /online /cleanup-image /restorehealth Reboot your system, and attempt Reset this PC again. The workaround involves using the Deployment Image Servicing and Management (DISM) tool to attempt to fix the issue. However, Microsoft does not mention any timelines on when a permanent fix for the problem is expected. Interestingly, this is not the first time that the problem with the ‘Reset this PC’ feature has been acknowledged. A security update back in February introduced a similar issue and affected Windows 10 versions all the way back to version 1809. The update was then pulled by the company. While today’s documentation only mentions the May 2020 Update, it is not clear if the problem has been fixed for the earlier versions. Source: Microsoft Support via BleepingComputer Microsoft posts a workaround for the 'Reset this PC' bug plaguing some Windows 10 PCs
  20. Another iOS 14 bug resets default app settings for the email and browser apps One of the major new features in iOS 14 is the ability to set third-party apps as the default for the email and browser apps. However, a bug in the OS ended up resetting the app defaults to Apple’s offerings every time the device was restarted. The Cupertino giant issued a fix for the issue with iOS 14.0.1. As it turns out, the problem might persist, this time resetting the defaults every time the user-defined apps are updated via the App Store. Twitter user David Clarke posted a video of the behavior (spotted by The Verge) where an update to the Gmail app results in the default email app switching to Apple Mail. The setting for the default browser app supposedly behaves similarly, resetting any defaults set by users. The problem seems to be present on the latest iOS 14.1 update released yesterday. Considering that the issue has been confirmed to affect both the email and browser defaults, it is less likely that the behavior is caused by the apps itself and not the OS. It is possible that the upcoming iOS 14.2 update contains a fix for the problem, though, the release notes for iOS 14.2 Beta 4 do not contain a mention of the issue. For now, users affected by these problems can turn off automatic updates so as to not have to constantly change the defaults every time the apps are updated. Another iOS 14 bug resets default app settings for the email and browser apps
  21. Microsoft close to fixing Windows 10 website logout bug Windows 10 users have been suffering a strange issue where they are constantly logged out from their web sessions in Chrome when they restart their PC, meaning for example that they keep on having to re-enter their password on Facebook or Twitter. The issue started in May and appears to be related to the May 2020 Update for Windows 10 Not only Chrome is affected, but only Edge and apps such as OneDrive. Microsoft and Google engineers have been attempting to debug the issue, and a few days ago a Google engineer said Microsoft can now reproduce the elusive issue, meaning a fix should be on the way soon. Thanks all for confirming, big relief to get this one solved! I’ve heard back from Microsoft they can repro now, so an official fix should be on the way. via WindowsLatest Microsoft close to fixing Windows 10 website logout bug
  22. Microsoft is working on a fix for 'Error code 6' crash on Microsoft Edge for Mac Microsoft has acknowledged an issue on Microsoft Edge for Mac that is causing the web browser to crash with 'Error code 6'. Earlier this week, users took to Microsoft Answers forum (via Techdows) to report the issue with Edge on macOS Catalina. According to users, Microsoft Edge started crashing after updating to Safari 14. The browser crashes after opening a new tab, settings, and even Edge extensions, with the error, "The page is having a problem. Try coming back to it later”. It also suggests users to refresh the page or open a new tab but none of the workarounds solves the problem. Fortunately, the Microsoft Edge Dev Twitter account has now confirmed that the culprit has been found and they are working on a fix that will roll out to Edge users in all the channels. In the meantime, the Edge Dev team has suggested rebooting Mac as a temporary fix to the problem. Some users have tried reinstalling Microsoft Edge but that does not fix the problem and hence, is not advised. Unfortunately, we don't know what exactly caused the problem but we do expect Microsoft to shed light on the problem once the fix has rolled out to Mac users. Microsoft is working on a fix for 'Error code 6' crash on Microsoft Edge for Mac
  23. Recent Windows 10 version 2004 Patch Tuesday updates are reportedly breaking WSL 2 Microsoft released its regular suite of Patch Tuesday updates to all supported versions of Windows 10, Windows 8.1, and Windows 7 ESU customers yesterday. However, users of Windows Subsystem for Linux 2 (WSL 2) have begun reporting that the updates are causing issues with the environment. The troublesome update seems to be the one released for the May 2020 Update (version 2004), filed under KB4571756. Installing the cumulative update that bumps up the build to 19041.508 supposedly causes WSL2 to not load and display an “Element not found error”. It is not clear how widespread the issue is, and if there are any specific configurations that are causing the issue. Users on GitHub report that the problems began surfacing after installing the update, and that uninstalling the quality update fixed the problem. Interestingly, though users claim to be able to get WSL 2 working post uninstalling KB4571756, the problem with WSL prompting an error has existed since late July and also plagues users when they try to upgrade from WSL 1 to WSL 2. Another thread suggests that the errors are being served in Insider Preview builds, suggesting that the problem is not specific just to current production versions of the OS. It is not clear what exactly causes the issue since it affects multiple versions of the OS. It is also not clear if it was fixed with a previous patch for the production versions that reappeared with the latest round of updates. There are no reports on whether the error is seen on Windows 10 versions 1903 and 1909 since WSL 2 was backported to those versions last month. While the known issues on the KB article does not list the WSL 2 problems, a response on GitHub suggests that the company is working on a fix. For those running production builds that rely on WSL 2, it is best to pause the latest updates from installing. The only workaround for those that are facing issues after the update is to uninstall the cumulative patch by heading to Settings > Update & Security > Windows Update > View update history > Uninstall updates and uninstalling KB4571756.. Source: GitHub via Techdows Recent Windows 10 version 2004 Patch Tuesday updates are reportedly breaking WSL 2
  24. Some Windows Insiders are seeing build expiration warnings If you're on the Windows Insider Program and you're getting a message that the build you're on is about to expire, you're not alone. Due to an oversight, the build expiration date was set to July 31 all the way up until build 20161, which was released on July 1. Two weeks later, build 20170 was released, changing the expiration date to January 31 of next year. Unfortunately, build 20170 has an issue with AMD processors, so if you're like the user linked to above, you're still stuck on build 20161. The good news is that that bug should be resolved, and you should get a new build long before the expiration date. Builds usually arrive on Wednesdays, so assuming that there is one tomorrow, you'll still have nine days before your build expires. There's another group of users that are going to have issues though, and this has to do with how the Windows Insider Program has been restructured. Previously, the Fast and the Slow rings have been on the same development branch. Now, the Dev channel is in a perpetual state of prerelease builds while the Beta channel is tied to a specific release. When switching from the Fast ring to the Slow ring, or switching from the Dev channel to the Beta channel, the process has been the same for a while. You'll stop receiving builds, and you'll get a new update whenever your channel catches up. This worked fine in the Fast and Slow ring days because they were getting similar builds. It's different now, as the Beta channel is on build 19042 and the Dev channel is on 20xxx. In short, if you switched your machine from the Dev channel to the Beta channel before build 20170 came out, your build is going to expire on July 31. Your options are the same as they've always been. You can temporarily switch back to the Dev channel to get a new build, which will expire next January, or you can do a clean installation of Windows 10. You can, of course, wait for an update. To be clear, expired builds won't put your machine in an unusable state like they did years ago. You'll just keep getting warnings about it, and then those warnings will get more frequent. The problem with waiting for an update is that you're going to be waiting for a while. It seems that 21H1 isn't going to be the major update that we were expecting, so if you thought the Beta channel would catch up in September or October, you're probably wrong. Now that the Windows Insider Program has been completely restructured, albeit gradually over the last year and a half, this is a problem that Microsoft is going to have to sort out going forward. Build expiration dates typically changed every six months or so, and the Dev channel switches to the Beta channel yearly at best. Some Windows Insiders are seeing build expiration warnings
  25. Microsoft releases an update to fix the Windows 10 blue screen issue involving Thunderbolt docks Some users running Windows 10 version 2004 (Windows 10 May 2020 Update) on their PCs faced blue screen error when plugging or unplugging a Thunderbolt dock. In May, Intel and Microsoft found the incompatibility issues causing this blue screen error. All Windows 10 PCs with at least one Thunderbolt port, Kernel DMA Protection enabled and Windows Hypervisor Platform disabled were affected by this issue. To protect users from blue screen errors, Microsoft stopped the roll-out of Windows 10 Version 2004 to these users. Microsoft has recently released the new KB4565503 update that fixes this Thunderbolt dock blue screen issue. Since the issue is resolved, the safeguard hold has been removed. If you are running a Windows 10 PC with Thunderbolt dock connected, you can now download the Windows 10 version 2004 update (Windows 10 May 2020 Update) through Windows Update. Microsoft releases an update to fix the Windows 10 blue screen issue involving Thunderbolt docks
×
×
  • Create New...