With less than three full months gone in 2013, Facebook, Apple and Microsoft all have admitted publicly to serious security breaches, something that would have seemed like an elaborate practical joke just a couple of years ago. But the times and the climate have changed, and if you needed more evidence of these facts, it arrived last week in the form of the first Microsoft Transparency Report.
Browsing Category: Microsoft
Microsoft received more than 11,000 requests for user information or content data from law enforcement agencies in the United States last year and supplied some user content in more than 1,500 of those cases. Overall, the company received more than 70,000 requests from law enforcement agencies worldwide and gave up some user content in 2.2 percent of those cases.
The Ramnit malware family has been given a facelift with new anti-detection capabilities, a troubleshooting module, as well as enhanced encryption and malicious payloads.
For the second month in a row, Microsoft has released a cumulative update for Internet Explorer, patching a number of critical remote code execution vulnerabilities in the browser, including one previously disclosed. It also patched a serious kernel mode driver vulnerability that could enable attackers to gain root access to a machine using a malicious USB drive, a la Stuxnet.
Software giant Microsoft plans to ship seven bulletins in the March 2013 edition of Patch Tuesday. Four of the bulletins are receiving high-severity, critical ratings.Three of the four critically rated bulletins that affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server Software could lead to remote code execution while the final critically rated bulletin could allow for privilege elevations.
Various news outlets reported late Friday that Microsoft’s public cloud storage service suffered a global outage due to a lapsed security certificate.Beginning around 4 p.m. EST, developers and other Azure customers began being blocked from accessing files.
Internet Explorer continues to dominate Microsoft’s 2013 security updates. Among the 12 bulletins and 57 vulnerabilities patched in today’s release was a cumulative update for the maligned browser and another fix for a bug being exploited in the wild.Last month, an out-of-band fix for IE 6-8 patched zero-day flaws being exploited in a series of watering hole attacks against government, telecommunications, manufacturing and human rights sites.
Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions’ relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy.The results aren’t so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better than less developed nations where crime per capita is higher, there’s less broadband penetration and a higher rate of piracy.
Microsoft announced yesterday it will ship 12 bulletins addressing 57 vulnerabilities in the February 2013 Patch Tuesday release of security updates. Five of the updates, which Microsoft will release Tuesday, received “critical” ratings while the remaining seven are considered “important.”
Internet Explorer users, exposed to a zero-day vulnerability in the browser and a faulty temporary Fix It from Microsoft, finally got some relief today when the company, as promised, released an out-of-band patch.Meanwhile, a handful of new telco, manufacturing and human rights sites have been infected and have been serving exploits since the public release of the zero-day, a researcher told Threatpost.