Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed as a defense against man-in-the-middle attacks that use forged certificates to redirect users or intercept protected traffic.
Browsing Category: Microsoft
Microsoft released a Fix It temporary mitigation for a zero-day vulnerability in Internet Explorer 8 that was used in a watering hole attack against the U.S. Department of Labor’s website.
Four months after he was arrested in Thailand, a man suspected of being one of those running the SpyEye botnet appeared in court late last week in Atlanta to answer charges that he was part of the crew using the malware to steal millions of dollars from victims worldwide. Hamza Bendelladj was indicted in late 2011[…]
Microsoft has released a new version of the MS13-036 patch that was causing some customers’ machines to crash. The company had recommended in the days after the original fix was first released that customers uninstall the MS13-036 patch while Microsoft investigated the cause of the problems.
Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is based on data collected from more than one billion endpoints in more than[…]
Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen. Microsoft recommends users uninstall the patch, which is also causing compatibility problems with some endpoint security software.
Microsoft reportedly will implement two-factor authentication on users’ accounts at some point down the line, according to reports this week.
UPDATE – In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago. The popular hacker contest attracted researchers from all over who were targeting all the major browsers, as well as third-party software such as Flash and Java.
Appropriately enough for the start of the baseball season, Microsoft is going to go 4-for-4 and release another set of critical Internet Explorer patches on Tuesday, the fourth consecutive month in which serious vulnerabilities in the browser are being addressed in Microsoft’s Patch Tuesday monthly security updates.
Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page.