Patch Tuesday provides Windows IT shops with a cadence to their patch management efforts, but evolving threats and internal changes at Microsoft raise questions about its long-term viability.
Browsing Category: Microsoft
Three HP ZDI researchers won a $125,000 bounty from Microsoft for successful attacks against memory protections introduced last summer into Internet Explorer.
Microsoft is aware of a recently disclosed bug in its latest browser, Internet Explorer 11, and is actively developing a patch for the issue.
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.
Microsoft confirmed this week that despite 2000 Mojang user credentials leaking online, the gaming firm has not been hacked.
A researcher has developed a bypass for Microsoft’s latest memory corruption mitigations in Internet Explorer, Heap Isolation and Delay Free.
Dennis Fisher and Mike Mimoso discuss the security news of the past week, including the proposed changes to the CFAA, David Cameron’s encryption comments, the NSA’s quasi-apology regarding Dual EC and the Microsoft-Google disclosure feud.
Google Project Zero has disclosed a pair of unpatched Windows vulnerabilities after the expiration of its 90-day deadline. Microsoft said it will patch one bug in February, and both sides agree the second does not merit a security bulletin.
In a new article in an academic math journal, the NSA’s former director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the former director of researcher at[…]
Microsoft issued eight Patch Tuesday security bulletins, including a fix for a vulnerability disclosed by Google and another under active attack.