NCC April Microsoft: Customer and User Focused?

April 29, 2022

Bill Gates designed Microsoft to make personal computers more user friendly. While the Microsoft operating system is among the easiest to learn, unfortunately it is also the most hackable. Black hat bad actors adore Microsoft systems, especially when the company releases a new update. Bleeping Computer shares a problem with the newest Windows update: “Microsoft: Windows Domain Controller Restarts Caused By LSASS Crashes.”

The bug occurred in the Local Security Authority Subsystem Service (LSASS). The LSASS crashed, users lost access to their Windows accounts, shown an error message, then the system rebooted. The LSASS crash bug was one of many issues that a Microsoft patch fixed in January 2022:

“Microsoft addressed the LSASS crash issue in out-of-band updates released in mid-January 17 [1, 2] to fix numerous other critical bugs introduced during the January 2022 Patch Tuesday, including Hyper-V no longer starting, L2TP VPN connections failing, and ReFS volumes becoming inaccessible.”

Bad actors discover coding errors in Microsoft systems then exploit them. The bad actors detect many vulnerabilities during updates, then they quickly devise plans to take advantage of users. Threat Post explains a new hacker trick in, “Microsoft Accounts Targeted By Russian-Themed Credential Harvesting.” Russia has threatened cyber attacks with their current war plan, so it did not take long for bad actors to create spam campaigns. The spam email reads:

“Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account

Sign-in details

Country/region: Russia/Moscow

IP address:

Date: Sat, 26 Feb 2022 02:31:23 +0100

Platform: Kali Linux

Browser: Firefox

A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.

Report the user

Thanks,

The Microsoft account team”

As with other spam, users are encouraged to click on a link and submit a response. If users respond to the link, they will most likely receive an email asking for login details and payment information.

My thought was that Windows Defender and other Microsoft security services would handle these types of issues. Guess not.

Whitney Grace, April 29, 2022

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta