Security firms have peeled back the layers on two zero day vulnerabilities that are currently being used in limited, targeted attacks against the Windows Kernel.
Browsing Tag: Microsoft
Microsoft announced that it has extended support for SHA-2 and TLS in supported versions of Windows.
With details of the new POODLE attack on SSLv3 now public, browser vendors are in the process of planning how they’re going to address the issue in their products in a way that doesn’t break the Internet for millions of users but still provides protection.
A cyberespionage team, possibly based in Russia, has been using a Windows zero day vulnerability to target a variety of organizations in several countries, including the United States, Poland, Ukraine and western Europe.
Microsoft published its Patch Tuesday advance notification, advising IT shops to be ready for nine bulletins, including three critical patches.
A weakness in Windows, similar to Shellshock, may put Windows Server deployments at risk to remote code execution.
All versions of an HTML editor used in several Microsoft properties, including ASP.NET, suffer from a high-risk cross-site scripting (XSS) vulnerability.
While bounties have now become commonplace, simply offering one doesn’t guarantee any level of success for a vendor.
Microsoft today launched the Microsoft Online Services Bug Bounty Program which will pay out a minimum of $500 for vulnerabilities found in its cloud services such as Office 365.
Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole.