HackerOne has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft’s bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure.
Browsing Tag: Microsoft
Microsoft’s new myBulletins service gives users a dashboard view of the Microsoft products in their environment and any related security bulletins and updates. Some are critical of its lack of security advisories and lack of notifications.
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[…]
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[…]
Researchers at Cisco spotted a recent malvertising campaign where victims were redirected by ads on the AppNexus network to sites hosting the Angler Exploit Kit and exploits against Silverlight vulnerabilities.
Microsoft issued advisories informing users that they can now disable RC4 in .NET, announcing additional credential protection for Windows, and stating that it had revoked digital signatures for four UEFI modules.
Microsoft pushed its largest batch of Patch Tuesday updates so far this year today – eight bulletins, two critical – addressing 13 important issues in Internet Explorer and SharePoint Server, along with Windows, Office and its .NET Framework.
Microsoft will patch Internet Explorer again one week after an out-of-band patch for a zero-day vulnerability in the browser.
Microsoft’s latest Security Intelligence Report identifies two malware families, Rotbrow and Brantall, previously thought to be benign, that have been dropping the Sefnit botnet.
Microsoft released an out-of-band emergency security update for a zero day in Internet Explorer. The patch is available to unsupported Windows XP machines as well.