Microsoft released a security advisory today warning users of a denial of service vulnerability in its Malware Protection Engine which ships with a number of Microsoft security products.
Browsing Tag: Microsoft
Microsoft’s June 2014 Patch Tuesday security updates patched 66 vulnerabilities, including 59 in a critical Internet Explorer cumulative update.
Microsoft said it will patch a zero-day vulnerability in Internet Explorer in its June 2014 Patch Tuesday security updates.
Microsoft general counsel Brad Smith lays out five areas where the U.S. government needs to make positive strides in reforming surveillance.
HackerOne, has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft’s bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure.
Microsoft’s new myBulletins service is a dashboard view of Microsoft products in their environment and any related security bulletins and updates. Some are critical of its lack of security advisories and lack of notifications.
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[…]
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[…]
Researchers at Cisco spotted a recent malvertising campaign where victims were redirected by ads on the AppNexus network to sites hosting the Angler Exploit Kit and exploits against Silverlight vulnerabilities.
Microsoft issued advisories informing users they can now disable RC4 in .NET, in addition to additional credential protection for Windows and that it had revoked digital signatures for four UEFI modules.