Attackers are able to bypass the reflective cross-site scripting filter in Internet Explorer; the weakness is accepted by Microsoft as part of its design philosophy for the filter and will not be fixed.
Browsing Category: Microsoft
Microsoft issued an advisory warning of a local privilege escalation zero day in Windows XP being exploited in the wild. Experts, meanwhile, renew their calls to move off XP, which will no longer be supported as of April 2014.
Microsoft is planning to roll out a new encrypted email service on its Office 365 site that will make sending and receiving secure email much simpler.
If Bill Cheswick had his way, the future of computing and computer security would look a lot like the distant past, with trusted platforms, small programs, applications that can’t affect the operating system and resistance to user mistakes.
Microsoft and Google are cooperating in an effort to make it much more difficult for child predators to find illegal images online by blocking search results for about 100,000 search terms. The companies also are collaborating on methods to better identify illegal abuse images and remove them more quickly. Both Microsoft’s Digital Crimes Unit and[...]
The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm.
Microsoft today issued eight bulletins addressing 19 separate vulnerabilities in its Windows operating system, Internet Explorer Web browser, Office, and other products.
Microsoft announced today that a patch for the Internet Explorer zero day vulnerability was already set to be included in tomorrow’s Patch Tuesday updates.
Dennis Fisher and Mike Mimoso talk about the major stories from the last couple of weeks, including the changes to the Microsoft bug bounty program, the new Internet bug bounty, the Apple transparency report and a new paper on a weakness in Bitcoin.
Microsoft said today it will not patch a zero-day vulnerability disclosed this week being used in targeted attacks in the Middle East and Asia.