This can occur when a local user on a Windows 8.1 or Windows 10 computer has access to a network share or local host path and runs a specially crafted application that can access and possibly modify data on the network share or local host path. End users who have access to these shared resources should be aware that this vulnerability exists and take steps to protect themselves from accessing and possibly modifying data on these shared resources. The Windows notification system will report this vulnerability, which can then be used to help identify affected systems. Windows will issue a security advisory detailing this vulnerability in the upcoming release of Windows 10 Redstone. Microsoft is making extensive improvements to the security of the Windows notification system in the upcoming release of Windows 10 Redstone. This update includes an additional validation step before Windows sends out notifications that will help ensure that no malicious applications can be used to send out notifications on behalf of Windows.
What does this update provide?
This update provides the following new capabilities:
- Additional validation step before Windows sends out notifications.
- Inclusion of a system health telemetry package.
- Windows System Health Telemetry is now available in the next release of Windows 10 Redstone.
Microsoft is aware of and investigating an issue with Windows 10 in the upcoming release of Windows 10 Redstone.
As a user of Microsoft products, you should be aware of and take steps to protect yourself from an issue with Windows 10 in the upcoming release of Windows 10 Redstone.
Microsoft is investigating this issue and will provide more information when it becomes available.
Vulnerability overview
A vulnerability was identified in the way that the Windows notification system notifies users of vulnerabilities in the upcoming release of Windows 10 Redstone. This vulnerability could allow a local user on a Windows 8.1 or Windows 10 computer to intercept notifications and possibly modify them, allowing them to take actions as if they were the legitimate owner of the vulnerable computer.
Windows 10 Redstone (April 2018) Security Updates
This update includes improvements to the Windows notification system that will help protect against a common scenario where hackers send out malicious notifications on behalf of Windows. Additional enhancements include:
- An additional validation step before Windows sends out notifications that will help ensure that no malicious applications can be used to send out notifications on behalf of Windows.
- Notifications for apps that have been allowed to use the Windows notification system will now be delivered using HTTPS.
- Improvements in how Microsoft responds to tampering events from unauthorized or malicious applications with access to the Windows notification system, including blocking commands and locking down the affected account.
How Does the Windows Notification System Work?
The Windows notification system is a system that sends notifications to the user when an application has made changes to a file or directory on their computer. These notifications are usually sent from applications such as Microsoft Office and Microsoft Outlook, but can also be sent by any application that makes changes to files on the local disk. This notification system can also send notifications to users about security events such as malware detections, but it’s primarily used to notify users when applications have made changes.
If you want your business to be secure, then you need to ensure that it's protected against cyber attacks. One of the ways for this protection is through cybersecurity training for your employees. While cybersecurity training is helpful, sometimes it may not be enough because some employees may not know how to identify potential threats.
In order to combat this issue, one option is outsourcing cybersecurity training services so your company can keep up with industry-standard practices and get more exposure in terms of exposure options available at a lower cost than would otherwise be possible if they had hired their own trainers.
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC