After the dust had started to settle in the wake of the OpenSSL Heartbleed vulnerability earlier this month, one of the common sentiments that emerged was that the small group developing and maintaining the software needed some help. And money. And resources. But mostly money. Now, the OpenSSL Foundation, along with a number of other[…]
Browsing Tag: Microsoft
Microsoft has updated its free Threat Modeling Tool with enhancements to the threat-generation logic, a new drawing surface and the ability to migrate old threat models and definitions.
Microsoft announced it will no longer ship security fixes to users that failed to install the update for Windows 8.1 that was packaged with the April Patch Tuesday release.
As expected, Microsoft issued its final epitaph for Windows XP today, pushing out four security bulletins for 11 vulnerabilities, including the last updates it will address in the oft maligned, thirteen-year-old operating system.
Security researchers who have privately disclosed Windows XP vulnerabilities to Microsoft may never see patches for their bugs with XP’s end of life date at hand. Will there be a rash of public disclosures?
Microsoft confirmed today it will support HTTPS Strict Transport Protocol (HSTS) in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol.
Microsoft has announced it will change the way it classifies adware by beginning to block unwanted and intrusive advertisements from users.
Windows XP will no longer be supported after next week, but how legitimate are concerns that hackers will unleash a malware apocalypse once patches end?
The exploit that attackers are using to target a zero day vulnerability in Microsoft Word relies on a complex series of pieces, including an ASLR bypass, ROP techniques and shellcode with several layers of tools designed to detect and defeat analysis. Microsoft officials said the exploit is being used in targeted attacks right now and[…]
Microsoft issued an advisory today warning of targeted attacks against a zero-day vulnerability in Microsoft Word. The exploits in the wild target Word 2010, but the Office software is vulnerable all the way back to Word 2003.