Over at the Zero Day blog [zdnet.com], I covered the saga of the one-year-old Windows token kidnapping vulnerability that remains unpatched and is now being exploited in malicious hacker attacks.
Browsing Tag: Microsoft
Microsoft’s batch of security patches for March 2009 has been released with fixes for 8 vulnerabilities in the Windows operating system.
In all, the Redmond, Wash. software maker shipped three bulletins, one rated “critical,” the company’s highest severity rating. Here are the raw details:
Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure.
The authors developed the model by studying the security practices at Google, Microsoft, Adobe, and other tech companies, as well as non-tech companies that write their own software, such as Wells Fargo and Depository Trust & Clearing Corp.
According to a Patch Tuesday advance notice from Microsoft, there will be three security bulletins released on March 10, one rated critical.
The other two bulletins are rated “important” and can expose Windows users to spoofing attacks. All supported versions of Windows will be affected by next Tuesday’s releases, including the newer Windows Vista and Windows Server 2008.
On the Microsoft Secure Windows Initiative blog, software engineer Chengyun discusses the default behavior of ActiveX controls embedded in Office documents. The software giant also provides information on how an attacker can abuse ActiveX and how Office users can change the behavior of ActiveX controls embedded in Office documents.
Microsoft’s research unit is investing resources in a new Web browser that could eventually signal a shift away from the ubiquitous Internet Explorer.
According to a research paper released this week, the project is called Gazelle and is positioned as a secure web browser constructed as a multi-principal operating system.
Reports have been circulating in the last couple of days about an unpatched vulnerability in Microsoft Excel, and the software giant has now confirmed the problem. The flaw allows attackers to run code on remote machines if they can entice a user into opening a malicious Excel file.