Microsoft investigating long-known vulnerability in IE

Posted by admin | Posted in Application Security, Browsers, Data Security, Internet Explorer (IE), Microsoft, News, Security Central | Posted on 07-09-2010

Microsoft last Friday said it was looking into a long-known vulnerability in Internet Explorer (IE) that could be used to access users’ data and Web-based accounts.

The bug can allow hackers to hijack Web mail accounts, steal data, and send illicit tweets, said Google security engineer Chris Evans in a message posted on the Full Disclosure mailing list.

Microsoft upgrades free app security tool

Posted by Paul Krill | Posted in Application Development, Developer World, Microsoft, News, Security, Security Central | Posted on 03-09-2010

Microsoft released this week an upgrade to a tool that helps secure applications for the Internet without having to recode them.

Microsoft Patents OS Shutdown

Posted by CmdrTaco | Posted in Microsoft, News | Posted on 01-09-2010

An anonymous reader writes “You would think that shutting down software could be fairly simple from an end user’s view. If I ask you to shut it down, would you mind shutting it actually down, please? Well, it’s a bit more complicated than that, because you need to ask the user if they really want to shut down and if unsaved documents should be saved. And that warrants a patent that also covers Mac OS X. Next time you shut down Windows, remember how complicated it is for Windows to shut down. Perhaps that is the reason why this procedure can take minutes in some cases.”

Microsoft still mum on programs prone to DLL hijacking attacks

Posted by admin | Posted in Application Security, Malware, Microsoft, News, Security Central, Windows | Posted on 01-09-2010

Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread “DLL load hijacking” attacks.

Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications.

Microsoft’s Security Development Process Under CC License

Posted by timothy | Posted in Microsoft, News | Posted on 29-08-2010

An anonymous reader writes “The H Online writes: ‘Microsoft has placed its process for secure software development under a Creative Commons License. The company hopes that this will lead to more developers utilising its process for programming software more securely across the entire product lifecycle …’”

Updated ‘blue screen of death’ rootkit now targeting 64-bit Windows

Posted by admin | Posted in Hacking, Microsoft, News, Security Central, Windows | Posted on 27-08-2010

A new version of the malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday.

“A new era has officially dawned; the era of x64 rootkits,” said Prevx researcher Marco Giuliani in a post to the company’s blog yesterday.

Sun, Microsoft, and Mozilla leave the most vulnerabilities unpatched

Posted by admin | Posted in Application Security, Microsoft, Mozilla, News, Patch management, Security Central, Sun Microsystems | Posted on 26-08-2010

Sun is the king of unpatched software vulnerabilities, followed closely by Microsoft and Mozilla, according to the mid-year security report by IBM’s X-Force.

Microsoft leaves critical DLL loading bugs unpatched

Posted by admin | Posted in Microsoft, News, Patch management, Security Central, Windows | Posted on 23-08-2010

Microsoft has told a researcher that it won’t patch a problem that has left scores of Windows applications open to attack.

According to a growing number of reports, crucial Windows functionality has been misused by countless developers, including Microsoft’s, leaving a large number of Windows programs vulnerable to attack because of the way they load components.

Zero-day Windows bug problem worse than first thought, says security expert

Posted by admin | Posted in Application Security, Malware, Microsoft, News, Security Central, Windows | Posted on 20-08-2010

An unpatched problem with Windows applications is much worse than first thought, with hundreds of programs, not just 40, vulnerable to attack, a Slovenian security company said today.

“It was a shocking surprise,” said Mitja Kolsek, CEO of Acros Security. “It appears that most every Windows application has this vulnerability.”

Microsoft May Back Off of .NET Languages

Posted by Soulskill | Posted in Microsoft, News | Posted on 13-08-2010

An anonymous reader writes “Though Microsoft had initially made a commitment to create versions of dynamic languages that are customized for .NET, recent reports make it clear that the company may be stepping back from this plan. Much early speculation on this change in focus comes from Jim Schementi, previously the program manager in charge of Microsoft’s implementation of the Ruby software known as IronRuby. Schementi reports on his blog that the team dedicated to working on IronRuby has decreased to one employee. According to Schementi, his departure from the company came as Microsoft began to display a ‘serious lack of commitment’ to any .NETized dynamic languages, including IronRuby.”

Microsoft: Record number of bug exploits expected

Posted by admin | Posted in Application Security, Malware, Microsoft, News, Patch management, Security Central, Windows | Posted on 12-08-2010

Microsoft warned customers this week that a record number of just-patched bugs will probably be exploited in the next 30 days.

Registry hack tricks Windows XP SP2 into installing security updates

Posted by admin | Posted in Hacking, Microsoft, News, Patch management, Security Central, Windows, Windows XP | Posted on 10-08-2010

People still running the now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.

Microsoft probes new Windows kernel bug

Posted by admin | Posted in Microsoft, News, Security, Security Central, Windows | Posted on 09-08-2010

Microsoft said it is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system’s kernel driver.

According to Gil Dabah, a researcher from Tel Aviv who goes by the nickname “arkon,” the Windows kernel harbors a heap overflow vulnerability. Dabah also posted a short proof-of-concept to demonstrate the bug on RageStorm.com, a site he and two others run.

Microsoft’s patch for Windows shortcut flaw has limitations

Posted by InfoWorld Tech Watch | Posted in Anti Virus, Microsoft, News, Security Central, Windows, Windows XP | Posted on 04-08-2010

Patch Monday: Windows shortcut hole gets plugged today

As anticipated, Microsoft this week released its out-of-band patch for the zero-day LNK (and PIF) file security hole that

The Great Operating System Games

Posted by CmdrTaco | Posted in Microsoft, News | Posted on 02-08-2010

harrymcc writes “For decades, the simple little games that come with operating systems have been some of the most-used software on the planet. Legendary geeks such as Bill Gates, Steve Wozniak, and Andy Hertzfeld have tried their hands at writing them. And yet they get no respect — or, actually, attention of any kind. Technologizer’s Benj Edwards aimed to rectify that with a look at forty years’ worth of bundled OS games, from 1971 Unix text-based ones to Woz’s Little Brick Out to such Windows mainstays as Solitaire, Minesweeper, and Reversi.” Article is an annoyingly long slide show (would it kill people to put a reasonable amount of content on pages?) but there’s some fun stuff in there.

Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill | Posted in Microsoft, News | Posted on 31-07-2010

Trailrunner7 writes “Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer.”

Microsoft schedules emergency Windows patch for Monday

Posted by admin | Posted in Microsoft, News, Security, Security Central, Windows | Posted on 30-07-2010

Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2.

The company said it is satisfied with the quality of the “out-of-band” update — Microsoft’s term for a patch that falls outside the usual monthly delivery schedule — but also acknowledged that it has tracked an upswing in attacks.

Microsoft’s bug reports fail to produce prompt patches

Posted by admin | Posted in Application Security, Microsoft, News, Patch management, Security Central, Windows | Posted on 29-07-2010

Even Microsoft can’t move software makers to patch their products.

According to data released Wednesday by the company, third-party developers patched just 45 percent of the vulnerabilities that Microsoft’s security team reported to them during the 12 months from July 2009 to June 2010.

Adobe joins Microsoft’s patch-reporting program

Posted by admin | Posted in Adobe Systems, Microsoft, News, Patch management, Security, Security Central | Posted on 28-07-2010

Adobe Systems and Microsoft are now working together to give security companies a direct line into their bug-fixing efforts.

G Data releases tool to block Windows shortcut attacks

Posted by admin | Posted in Malware, Microsoft, News, Patch management, Security Central, Windows | Posted on 27-07-2010

The German security company G Data released a tool on Tuesday that blocks attacks using Microsoft’s shortcut vulnerability but also preserves shortcut icons, unlike the hotfix released recently by Microsoft.