Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
Browsing Category: Microsoft
Microsoft has reclassified the Ask Toolbar as unwanted software, which means its security tools will automatically detect and remove all versions, except for the most recent, from Windows computers.
Dennis Fisher and Mike Mimoso discuss the Duqu 2.0 attack and its ramifications, the addition of HSTS support to Windows 7 and 8.1 and the rest of the news of the week.
Microsoft announced it has added HTTP Strict Transport Security (HSTS) to Internet Explorer 11 on Windows 8.1 and Windows 7, in addition to its native inclusion in Microsoft Edge on Windows 10.
Microsoft released two critical bulletins—eight overall—as part of the June 2015 Microsoft Patch Tuesday security updates. One of the critical bulletins patches 24 vulnerabilities in Internet Explorer.
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., that initiatives could be adversely impacted.
After several false starts, Microsoft finally is planning to support SSH in Windows and the company’s engineers also will contribute to the OpenSSH project.
Microsoft security products will begin detecting software containing search protection functions and classifying it as malicious on June 1.
Researchers from Core Security were able to exploit a security vulnerability in Windows’ group policy — MS15-011 — that was patched by Microsoft in February.
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade 512-bit Diffie-Hellman cryptography. The most serious[…]