Microsoft issued an advisory that its Schannel implementation of SSL is vulnerable to FREAK downgrade attacks.
Browsing Category: Microsoft
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft’s Internet Explorer browser.
Europol and several private technology companies announced the overnight takedown of the command and control infrastructure supporting the Ramnit botnet.
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla’s extension signing plan, plus questions from readers!
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.
Details were released on two Microsoft Group Policy vulnerabilities affecting all Windows machines going back to Windows Server 2003. The flaws were addressed in separate Patch Tuesday security bulletins.
Microsoft released its February 2015 Patch Tuesday security bulletins, including a massive update for Internet Explorer and a patch for a Windows zero day disclosed by Google.
Patch Tuesday provides Windows IT shops with a cadence to their patch management efforts, but evolving threats and internal changes at Microsoft raise questions about its long-term viability.