Microsoft Windows intelligent digital assistant, Cortana enabled the execution of arbitrary commands with elevated privileges on a locked machine - so turn off the Cortana interaction from the lock screen, unless absolutely necessary
Microsoft's June 2018 Patch Tuesday cumulative rollout for Windows 10 contains a mitigation for the fourth Spectre variant known as Speculative Store Bypass (CVE-2018-3639).
Microsoft has announced a £5.6 billion deal to acquire software development platform GitHub, arguably the most visible open source resource online.
A newly discovered banking malware that's been actively targeting Brazilians behaves as a remote access trojan (RAT) and uses a Microsoft SQL Server database server as an unconventional command-and-control infrastructure.
A privilege escalation vulnerability patched last week in Microsoft Windows and an Adobe Reader remote code execution bug fixed in a product update were both jointly targeted by a PDF-based zero-day exploit.
Microsoft Corporation's Patch Tuesday security update yesterday fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.
Microsoft's Office 365 has been found vulnerable to attack methodology that enables malicious links to sneak past most of the product's cyber-security defences by splitting off the dangerous part of the link to it is not spotted.
Last week Microsoft Corporation updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.
In November last year, six months after the WannaCry ransomware attack took place, the NHS entered into a landmark Custom Support Agreement with Microsoft.
Microsoft has released two updates as part of the company's on-going effort to secure devices running Intel processors from the Spectre vulnerability.
Possibly the second most ambitious crossover in history after Infinity War. Thirty eight companies have signed an accord to develop long-term, wide-reaching cyber-security akin to a "Digital Geneva Convention."
Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyber-threats, including ransomware.
Microsoft Corporation on Tuesday announced an emergency patch for a memory corruption vulnerability in its Microsoft Malware Protection Engine (MMPE) that remote attackers can exploit to execute arbitrary code.
Hackers more likely to use cryptocurrency mining malware than an exploit kit, report says. Malware campaigns have shifted focus onto Microsoft and cryptocurrency mining rather than using flaws in Adobe Flash and exploit kits.
Microsoft has just patched a vulnerability in the primary tool the company uses to help provide remote assistance to its users, but until all devices are updated there is still some danger.
Microsoft has kicked off a bug bounty programme that could bring in between US$ 25,000 and US$ 250,000 (£17,800 to £178,000) to anyone able to find vulnerabilities similar to the now infamous Spectre and Meltdown.
Independent researchers collected £190,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver.
This month's Microsoft patch Tuesday included more than 70 patches 15 of which were marked as critical and one that could exploit authentication in Microsoft Remote Desktop Protocol.
On Wednesday 7 March Milton Keynes College in partnership with Microsoft held a bid event for the creation of the Institute of Digital Technology at Bletchley Park, home of the World War Two Codebreakers.
Malicious actors can abuse Microsoft Word's Online Video feature to deliver videos that secretly exhaust their viewers' computer processing power in order to mine cryptocurrencies, according to Israeli cyber-security firm Votiro.
Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.
The total number of reported vulnerabilities in Microsoft's software products, including those in the new Windows 10 operating system, rose over two-fold in the last four years and critical vulnerabilities rose by 60 percent.
Microsoft patched nearly 50 vulnerabilities this month, including patches for an Adobe Flash Player zero-day vulnerability that was announced earlier this month.
Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.
Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.
Microsoft has said it will continue to support and not remove DDE as an Office document feature despite its acting as a highly effective exploit method for cyber-criminals.
Microsoft is having a different type of Patch Tuesday, instead of simply pushing out security updates the company is dealing with several new issues surrounding the patches it released last week to mitigate Spectre/Meltdown issues.
Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, using the bug to deliver a modified version of Loki information-stealing malware.
Security researchers have discovered a new attack vector launched through Microsoft Excel spreadsheets, and the Loki Bot has just recently expanded into other Office applications.
A flaw in the way Microsoft Azure Active Directory (AD) Connect configures the AD synchronisation account in Office 365 hybrid installations, creates stealthy admins in the user group by default.