While Microsoft patched five critical vulnerabilities today, including the GDI+ zero day, experts urge a close look at an “important” patch addressing an ASLR bypass.
Browsing Tag: Microsoft
Microsoft account holders will soon be able to monitor recent log-in activity, generate a recovery code, and better manage security notifications.
Microsoft’s takedown of the ZeroAccess botnet wasn’t a complete success. Experts point out that Microsoft targeted only the money-making aspects of the botnet, and that its communication protocol was untouched.
Microsoft’s crusade against botnets raged on yesterday as the Redmond, Washington-based computer giant and a coalition of law enforcement agencies and Internet security companies disrupted the notorious ZeroAccess botnet.
Microsoft’s advanced notification of its December 2013 Patch Tuesday security updates includes a patch for the TIFF zero day. Microsoft will release 11 bulletins, five of the critical.
Microsoft is taking a number of steps to try and reassure customers about the integrity of the company’s offerings and to greatly expand the use of encryption across its services.
Attackers are able to bypass the reflective cross-site scripting filter in Internet Explorer; the weakness is accepted by Microsoft as part of its design philosophy for the filter and will not be fixed.
VMware released patches yesterday to fix a vulnerability that could have led to a privilege escalation in older Windows systems running in virtual environments.
Microsoft issued an advisory warning of a local privilege escalation zero day in Windows XP being exploited in the wild. Experts, meanwhile, renew their calls to move off XP, which will no longer be supported as of April 2014.
Developers behind the Angler Exploit Kit have added a new exploit over the last week that leverages a vulnerability in Microsoft’s Silverlight framework.