Microsoft News, Articles and Updates

Patch Tuesday: Microsoft patches Remote Desktop Protocol exploit

This month's Microsoft patch Tuesday included more than 70 patches 15 of which were marked as critical and one that could exploit authentication in Microsoft Remote Desktop Protocol.

Microsoft partners with MK college to plan Institute of Tech Bletchley Park

On Wednesday 7 March Milton Keynes College in partnership with Microsoft held a bid event for the creation of the Institute of Digital Technology at Bletchley Park, home of the World War Two Codebreakers.

MS Word feature can be exploited to display videos that mine cryptocurrency

Malicious actors can abuse Microsoft Word's Online Video feature to deliver videos that secretly exhaust their viewers' computer processing power in order to mine cryptocurrencies, according to Israeli cyber-security firm Votiro.

Google divulges vulnerability in Microsoft Edge before patch is ready

Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.

Reported vulnerabilities in Microsoft products more than doubled since 2013

The total number of reported vulnerabilities in Microsoft's software products, including those in the new Windows 10 operating system, rose over two-fold in the last four years and critical vulnerabilities rose by 60 percent.

Microsoft Patch Tuesday: Nearly 50 patches, most for privilege escalation

Microsoft patched nearly 50 vulnerabilities this month, including patches for an Adobe Flash Player zero-day vulnerability that was announced earlier this month.

Windows Installer service hacked to infect victims' systems with malware

Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.

New and old Windows vulnerabilities top Alienvault list

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.

'Locky' ransomware exploits Windows DDE weakness

Microsoft has said it will continue to support and not remove DDE as an Office document feature despite its acting as a highly effective exploit method for cyber-criminals.

Microsoft halts Spectre/Meltdown patch roll out after AMD BSoD issues

Microsoft is having a different type of Patch Tuesday, instead of simply pushing out security updates the company is dealing with several new issues surrounding the patches it released last week to mitigate Spectre/Meltdown issues.

Microsoft bug CVE-2017-11882 exploited to deliver Loki information stealer

Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, using the bug to deliver a modified version of Loki information-stealing malware.

Loki Bot expands from Excel spreadsheet to attack other office applications

Security researchers have discovered a new attack vector launched through Microsoft Excel spreadsheets, and the Loki Bot has just recently expanded into other Office applications.

Microsoft launches privilege escalation attack on itself with Office 365

A flaw in the way Microsoft Azure Active Directory (AD) Connect configures the AD synchronisation account in Office 365 hybrid installations, creates stealthy admins in the user group by default.

EC amicus brief in Microsoft Irish server case to define SCOTUS data laws

The European Commission has said it will file an amicus brief with the US Supreme Court in the US versus Microsoft case on behalf of the European Union (EU).

Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber-espionage operation that targeted a Middle Eastern government organisation.

Researchers dissect open-source ransomware programs Bugware and Vortex

Researchers from Zscaler's ThreatLabZ division on Friday released an analysis report on two relatively new open-source ransomware programs, Bugware and Vortex, after tracking recent spam campaigns pushing the strains.

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recoding Format Players to address vulnerabilities.

Cobalt malware leverages recently patched 17-year-old Microsoft flaw

Cobalt malware was documented exploiting the 17-year-old CVE-2017-11882 vulnerability via spam just a few days after researchers noted a similar spam campaign exploiting an RTF documents.

Microsoft Patch Tuesday: 20 critical issues addressed

Microsoft's November Patch Tuesday rollout included patches 53 flaws, 20 rated critical, spread across a variety of products, including Edge, Internet Explorer, Windows and Office.

Microsoft adds ransomware defence with new Windows update

Microsoft is claiming that the latest version of Windows 10, the Fall Creator's Update, is the most secure version of the operating system yet released.

Update: Microsoft 2013 secret vulnerabilities database breach - long tail

In 2013 Microsoft discovered that hackers had breached the secret internal database it uses to track vulnerabilities, it then quietly upped its security, segmenting the database from its network and compelling two-factor authentication.

Patch Tuesday Microsoft: 62 vulnerabilities, 28 critical, 1 in the wild

Microsoft's October Patch Tuesday release covered a wide spectrum of problems with the majority possibly resulting in remote code execution (RCE) and CVE-2017-11826 being publicly disclosed and actively exploited.

Microsoft Patch Tuesday: 21 critical updates listed, one zero day fixed

Patch Tuesday security updates includes a fix for a zero-day flaw found in the wild and used to target Russian speakers along with the details on the BlueBorne vulnerability that potentially impacts five billion Bluetooth devices.

Flaw in Windows kernel hinders identification of potentially dangerous files

A programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime.

Update: Free translation service denies report that it had a breach

It has been reported that a free online translation tool which uses machine translation service Microsoft Translator, has suffered a major data breach, but the company has denied that it is a breach.

Malicious PowerPoint slide show files deliver REMCOS RAT

Malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability.

Microsoft Patch Tuesday addresses nearly 50 flaws

Microsoft had a busy month patching flaws with nearly 50 security issues fixed, many of which have a severity rating of critical" or "important" with remote code execution vulnerabilities.

Microsoft patches memory corruption & info disclosure vulnerabilities

Microsoft has patched a memory corruption vulnerability and an information disclosure vulnerability in Microsoft Office Outlook.

Windows 10 source code leaks online - centred on WiFi & storage devices

Microsoft confirms leak, raises security concerns that a range of new attacks created around USB storage devices and new man-in-the-middle techniques could arise