Microsoft

Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there's a effort underway, called the Common Vulnerability Reporting Framework, to standardize the way that vulnerabilities are reported so that they're in a common, machine-readable format.  Read more »

Howard Schmidt, the top White House information security adviser, is retiring after more than two years on the job and several decades in security both in government and private industry. Schmidt is in his second stint as the White House security chief and he's leaving at a time when cybersecurity has moved into the top tier of military and economic concerns for the country. Read more »

It's been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it's had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and customers is less well-known. Several large organizations have adopted the SDL, either in whole or in part, and Microsoft executives say that the effects on these organizations are going to be just as important as they were for Microsoft. Read more »

Microsoft released seven bulletins fixing 23 vulnerabilities in their patch Tuesday announcement today. The Redmond, Wash., software giant rated three of the bulletins as ‘critical,’ all of which could lead to remote code execution, and the remaining four as ‘important.’ Read more »

Two months after exploit code the Microsoft RDP MS12-020 vulnerability made its way into the open before the company released a patch, Microsoft has put the blame for the leak on a Chinese security company, Hangzhou DPTech Technologies. Microsoft said Thursday that it has removed the company from its MAPP information-sharing program. Read more »

Microsoft announced today that they will be shipping three critical and five important bulletins in the May edition of patch Tuesday. Read more »

Many Mac users recently have found themselves stumbling out of the darkness, shielding their eyes from the spotlight that attackers and malware writers are now shining on them. Malware having been a rarity on OS X, it's taking some time to adjust, but while that's happening the attackers are busy honing their game. Microsoft researchers have analyzed a new piece of malware that's targeting  Macs running Snow Leopard and found that the malware uses a multi-stage attack that's similar to typical Windows malware infection routines. Read more »

UPDATE: Microsoft has issued a temporary permanent fix for a previously undisclosed bug in its MSN Hotmail Web email service that could have allowed remote attackers to reset account passwords. Read more »

Old pieces of malware--especially successful ones--don't really die. They typically will just sort of fade into the background as newer attacks come to the fore and grab the headlines. Such is the case for one of the more notorious headline-grabbing pieces of malware of all time: Conficker. Not only has Conficker not disappeared, attacks from the worm have actually started to increase again, according to new data. Read more »

Microsoft issued six patches, four of which were critical in the April 2012 software updates. Read more »