Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it’s ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn’t addressed it.
Browsing Tag: Microsoft
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site[…]
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.
Microsoft patched a zero-day vulnerability in OLE being used in targeted attacks as part of its November 2014 Patch Tuesday security bulletins, one of four critical updates released today.
Microsoft is expected to release 16 bulletins next week, including five rated critical, as part of its November 2014 Patch Tuesday updates.
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future.
Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims’ machines and then asks for payment to unlock them.
The Dyreza Trojan is exploiting the recently disclosed CVE-2014-4114 vulnerability in Windows that was first used by the Sandworm attackers.
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks.
Microsoft, in 2009, silently fixed a FASTFAT driver flaw in Windows 7, leaving the same vulnerability in older Windows versions until it was patched this week.