Tag: microsoft

  • Out-of-band patch released for all Windows versions

    Kerberos bug means one set of credentials suffices to rule them all. If you are a Windows systems administrator, the content of this blog post will (hopefully) not come as a surprise. If it does, you should finish reading it quickly and make some time to apply the out-of-band patch MS14-068 to all Windows systems…

  • VB2014 paper: DMARC – how to use it to improve your email reputation

    Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘DMARC – how to use it to improve your email reputation’, by Microsoft’s Terry Zink. Email…

  • Windows Error Reporting used to discover new attacks

    No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm Websense has shown how Windows Error Reporting can be used to detect hitherto unknown attacks. Windows Error Reporting was introduced by Microsoft with Windows XP…

  • VirusTotal support integrated into new version of Process Explorer

    Sysadmins can check hashes of processes against file-checking service database. Microsoft and Google are known for their fierce competition, but when it comes to security, the tech giants are eager to put that aside. Hence as of this week, Google’s VirusTotal has been integrated into Microsoft’s Process Explorer. The planned integration was…

  • Privilege escalation vulnerability targets Windows XP and Server 2003

    Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability. Researchers at FireEye have discovered a new privilege escalation vulnerability affecting Windows XP and Windows Server 2003 that is being used in the wild. For those US-based system administrators who were hoping to spend the Thanksgiving weekend away from their…

  • Good and bad news for victims of targeted attacks against Microsoft products

    Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad news is that a new zero-day exploit has been discovered in a graphics library that is used by Office 2010. To exploit the vulnerability,…

  • Should software vendors extend support for their products on Windows XP?

    Is Google making the Internet more or less secure by extending support for Chrome on XP? A software vendor’s decision to release updates to its product is generally seen as a good thing, but the decision by Google to continue to support the Chrome browser for Windows XP beyond the operating system’s end-of-life has been…

  • Microsoft releases advisory offering workarounds for IE vulnerability

    German government advises users to use alternative browser. Microsoft has released a security advisory to address the zero-day vulnerability in its Internet Explorer browser that we wrote about yesterday. Among the advised actions to mitigate the vulnerability are the deployment of a mitigation toolkit and turning off active scripting for all but trusted websites.…

  • Microsoft to publish security bulletins in CVRF format

    Standard will streamline process of reviewing patches. Software giant Microsoft has announced that it has started to publish its monthly security bulletins in the CVRF format. CVRF, or Common Vulnerability Reporting Framework, is a standard developed by the Industry Consortium for Advancement of Security on the Internet (ICASI), which was founded in 2008 to address…

  • Hefty Patch Tuesday bulletin rounds off bumper year

    No sign of an end to vulnerability glut. Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate vulnerabilities. Although only two of this month’s haul were marked as ‘Critical’, many others could be used to launch malicious attacks on vulnerable systems. The Critical alerts included…