Microsoft is warning users about targeted attacks against a new vulnerability in several versions of Windows and Office that could allow an attacker to take over a user’s machine. The bug, which is not yet patched, is being used as part of targeted attacks with malicious email attachments, mainly in the Middle East and Asia.[...]
Browsing Category: Microsoft
Microsoft is expanding its bug bounty program to open up payments of up to $100,000 to incident response teams and forensics experts who come across active attacks in the wild.
Dennis Fisher talks with Katie Moussouris of Microsoft about her childhood exploits with Commodore 64 programming, ignoring her Barbies, growing up as a hacker, her days as a pen tester and the challenges of working on security at Microsoft.
Microsoft is warning Windows XP users that once the operating system is no longer supported as of next April, their chances of being infected by malware will rise significantly.
Win32/Upatre compromises host machines through malicious email attachments and, once installed, moves to download different malware from its command and control server.
James Forshaw generally prefers finding bugs in code logic over memory corruption issues, but he admits he was incentivized by Microsoft’s $100,000 mitigation-bypass bounty.
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off guard.
Eight bulletins and 28 vulnerabilities, including two Internet Explorer zero days, are addressed by Microsoft’s October Patch Tuesday update.
One day after announcing that it had paid researchers $28,000 for reporting a number of vulnerabilities in Internet Explorer 11, Microsoft revealed that it has written a much bigger check, this one for $100,000, to a researcher who has discovered a new attack technique that bypasses all of the exploit mitigations on the newest version of Windows.
As part of its first-ever bounty program, Microsoft has paid out $28,000 to a small group of researchers who identified and reported vulnerabilities in Internet Explorer 11. The IE 11 bounty program only ran for one month during the summer, but it attracted a number of submissions from well-known researchers.