Browsing Category: Microsoft

Categories: Microsoft, Vulnerabilities

Microsoft released its monthly security updates today and put special urgency on a cumulative security update for Internet Explorer 9. Critical vulnerabilities were found in the way the browser handles objects in memory which could lead to an attacker remotely executing code. Victims would have to land on a website hosting an exploit, Microsoft said. The company said there are no public exploits for this vulnerability.

Read more...

Categories: Microsoft

Windows 8 isn’t yet a week old, but the scammers and phishing crews already are taking their swings at it, setting up new campaigns based on the shiny new operating system. Security researchers have identified a new scareware campaign playing off of the Windows 8 launch, as well as a phishing email trying the same tack.

Read more...

Categories: Microsoft

Today’s release of the Microsoft Windows 8 operating system brings embedded hardware-level security to the forefront. Microsoft, going forward, will require the Trusted Platform Module (TPM) chip on Windows PCs, phones and tablets, moving security checks to the platoform’s lowest level. TPM isn’t new, but security experts hope this move by Microsoft lays the foundation for future security mechanisms built on top of TPM that deter today’s most sophisticated boot-level incursions.

Read more...

Categories: Microsoft

When Microsoft went after the Nitol botnet in September, one of the key details in the investigation was the fact that much of the botnet was built by pre-loading malware onto laptops during the manufacturing process in China. This was the clearest case yet of the phenomenon of certified pre-owned devices making their way through the supply chain and into the market. As it turns out, nearly half a million of those infected machines showed up here in the U.S.

Read more...

Categories: Microsoft

Microsoft on Friday said it has reached a settlement with a Russian programmer it named as a defendant in a lawsuit related to the operation of the notorious Kelihos botnet. The company said that it no longer believes Andrey N. Sabelnikov was the operator of the botnet, but was instead responsible for writing some code that was later used by the botnet.

Read more...

Categories: Microsoft, Vulnerabilities

Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability. In all, 20 vulnerabilities were repaired by Microsoft, which also issued an advisory regarding poorly generated digital certificates that have to be replaced and the distribution of an automated mechanism that will check for certificate key lengths and revoke any shorter than 1024 bits.

Read more...