So it seems like getting rid of Ballmer was the best thing Microsoft has done in years, Satya is definitely pushing them in a much more positive direction with a focus on Azure and open sourcing technology and moves like this OpenSSH on Windows! A real show of support for open source technology and a […]
So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets. This is a critical update, a really, really critical […]
Now it was only last month when everyone was wrapped up in the MS12-020 RDP Exploit Code In The Wild issue. As it turns out, Microsoft have been hiding some more serious security issues under the carpet. Apparently attackers are already exploiting the MS12-027 flaw in ActiveX in the wild – although Microsoft of course […]
Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science team. It is the same tool used by Microsoft’s internal product groups to catalogue changes made to operating system attack surface by the installation of new software. Attack Surface Analyzer takes a snapshot of your system state […]
Tags: attack surface, attack surface analyzer, manage attack surface, microsoft, microsoft asa, microsoft attack surface analyzer, microsoft security, risk-management, security audit tool, security management, security-audit, windows, windows-security
Posted in: Countermeasures, Exploits/Vulnerabilities, Security Software, Windows Hacking | Add a Comment
What a massive mother-load of patches Microsoft has unleashed on this month patching more than 34 security vulnerabilities including the fairly high profile vulnerability exploited at the Pwn2Own contest earlier this year in April. Good news as long as all the average Internet users actually use Windows Update and install the latest patches, which somehow […]
Tags: IE, IE-security, internet explorer patch, internet explorer security, internet-explorer, microsoft, microsoft black tuesday, microsoft patch tuesday, microsoft patches, patch-tuesday, pwn2own, pwn2own patch, sans, windows, windows patches, windows-security
Posted in: Exploits/Vulnerabilities, Windows Hacking | Add a Comment
Many users are expecting a patch for the Microsoft IIS Semicolon Bug, but from the recently published bulletin by Microsoft it seems that is highly unlikely during this patch cycle. Microsoft Security Bulletin Advance Notification for January 2010 It seems they will only be pushing out a fairly low priority fix which is rated critical […]
So a pretty serious remote vulnerability has been discovered in Windows 7, as usual Microsoft is downplaying the problem asking you to block the ports on your firewall rather than fixing the issue. I’d imagine the problem would only really be a big issue inside networks as who exposes SMB ports to the outside world […]
Tags: hacking-windows, microsoft, microsoft security, smb exploit, smb flaw, windows, windows 7, windows 7 0day, windows 7 exploit, windows 7 oday, windows 7 security, windows 7 vulnerability, windows vulnerability, windows-exploit, windows-security
Posted in: Exploits/Vulnerabilities, Windows Hacking | Add a Comment
There have been a few stories about Windows 7, even one about Windows 7 UAC before and now it’s officially on sale I’d expect there to be many more. As always malware and mass infections is a numbers game so the bad guys will always target the most popular and prolific operating systems to increase […]
Tags: malware, microsoft, sophos, trojan, uac, user access control, viruses, windows, windows 7, windows 7 malware, windows 7 security, windows 7 uac
Posted in: Countermeasures, Malware, Windows Hacking | Add a Comment
It seems like another fairly critical flaw has been discovered in Microsoft Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned. It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 […]
Tags: directx exploit, directx vulnerability, hacking directshow, hacking directx, hacking microsoft, hacking quicktime, hacking-windows, malware, microsoft windows, windows, windows vulnerability, windows-exploit, windows-security
Posted in: Exploits/Vulnerabilities, Malware, Windows Hacking | Add a Comment
Microsoft is in the news again, but this time for holding back on something security related. It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too. A lot of Windows networks use ISA (as it used to be called) – in the […]
