Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security[…]
Browsing Category: Microsoft
Old malware tricks never really die, they just get recycled and passed down to the next generation of attackers. The latest technique to get run through the wayback machine is the use of the right-to-left override character in Unicode, a tactic that enables malware authors to hide the real name of a malicious executable or, in a recent case, a registry key.
Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week.
Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server.
Buried in the details of the Microsoft Patch Tuesday release for August is the explanation of an important change that the company made to Windows that defeats a group of exploit mitigation bypasses. The change is a small one, but it prevents dangerous attacks that previously worked on most supported version of Windows.
Microsoft’s August 2013 Patch Tuesday security updates includes patches for critical remote code execution vulnerabilities in a number of products.
In what has become a familiar scenario over the last couple of years, attackers have compromised a key Tibetan web site and loaded it with code that redirects some users to a third-party site that installs an APT-style backdoor. The attack has hit the Web site of the Central Tibetan Administration, a site belonging to[…]
Microsoft will ship three critical bulletins among its August 2013 Patch Tuesday security updates, including patches for critical, remotely exploitable vulnerabilities in IE, Exchange Server and Windows.
Microsoft issued an advisory warning of a weakness in the PEAP authentication protocol for Windows Phone 8.
Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats.