Yang Yu’s submission to the Microsoft bug bounty program completely elude ASLR and DEP mitigations built into Windows, earning him $100,000.
Browsing Tag: Microsoft
Researcher Yang Yu was awarded $100,000 from Microsoft for writing three mitigation bypass variants as part of the company’s bounty program. Yu is the second $100,000 winner since the bounty program was launched last June.
A new campaign, dubbed Operation SnowMan, was been spotted leveraging a previously unknown zero-day in Internet Explorer 10 after the U.S. Veterans of Foreign Wars’ website was compromised this week.
Microsoft’s February 2014 Patch Tuesday security bulletins included the addition of two critical bulletins, including the first cumulative patches of the year for Internet Explorer.
The Microsoft bug bounty program has been a success so far and the company is looking for new ways to expand it in the future.
Microsoft will release two critical bulletins next week as part of the February Patch Tuesday updates, as well as an update that will deprecate use of the MD5 hash.
Contestants at Pwn2Own will be chasing a $150,000 grand prize for a mitigation bypass against Microsoft EMET.
Just like it’s done time and time before, the Syrian Electronic Army (SEA) broke into yet another media outlet late last week, hacking a handful of social media accounts belonging to CNN, including seven Twitter accounts and two Facebook accounts.
A cross-site scripting vulnerability in Microsoft Office 365 casts attention on the need to shore up the security of cloud-based enterprise applications.
Microsoft will continue to support the antimalware engine that protects Windows XP until July 2015, despite the operating system’s expected end-of-life in April.