A vulnerability in the Microsoft JET database engine is still open to attacks, even after Microsoft shipped an update earlier this week during the October 2018 Patch Tuesday.
The vulnerability, which was a zero-day at the time of its disclosure in mid-September, raised some alarms, mainly due to the fact that the JET database engine is included in all versions of Windows, and provided attackers with a huge attack vector they could target. Microsoft shipped an update this past Tuesday. But according to Mitja Kolsek, co-founder of 0patch, the recent patch is incomplete, and an attacker can still exploit the original vulnerability.
Read more about the issues with Microsoft’s recent JET patch on ZDNet.
Unlike Las Vegas, what happens in Europe won’t necessarily stay in Europe. On May 25, 2018, the European General Data Protection Regulation will go into effect, and companies not in compliance could potentially be hit with litigation and heavy fines.
Read how the software giant, Microsoft is preparing for the upcoming data breach notification regime in European Union on Biz Tech Magazine.
In November 2015, Microsoft shared the details of its $1B investment in a new integrated security strategy across its portfolio of products and services including Windows, Office, and Azure. The funds were allocated toward initiatives such as doubling the number of security executives and launching the Microsoft Enterprise Cybersecurity Group (ECG) and Cyber Defense Operations Center (CDOC).
Read how threat intelligence and identity management is driving Microsoft’s security strategy on Dark Reading.
City life is changing – there is no doubt about that. Unprecedented population shifts and extraordinary growth have impacted how urban populations live and work together. For city leaders, this rapid change has created not only unique challenges, but also significant opportunities.
Many are looking to technologies like the Cloud and Internet of Things (IoT) devices to solve growing problems, and for good reason. The Cloud increases efficiency and simplifies operations in ways never thought possible in the past and devices make connectivity possible anytime and anywhere.
Read more about the Microsoft’s partnership with cities and governments on Microsoft Blog.
Microsoft has heavily criticized Google and the company’s security disclosure policy after the firm publicly revealed a Windows 8.1 security flaw just days before Microsoft planned to issue a patch to kill the bug.
In a lengthy blog post, senior director of the Microsoft Security Response Center Chris Betz said that the threat landscape is becoming increasingly complex, and it is time for companies to stand together in response — rather than stand divided when it comes to cybersecurity strategies, such as in vulnerability and threat disclosure, as well as the release of security patches and fixes.
Read more about the Microsoft’s criticism of Google for leaking the Windows 8.1 vulnerability before it could release patch on ZDNet.
A new report by security vendor ESET holds mixed news for enterprises running on Microsoft technology.
Microsoft last year fixed nearly twice as many vulnerabilities across all its products than it did in 2013. But a vast majority of the reported flaws were in Microsoft’s Internet Explorer browser, suggesting that the company’s efforts to secure its core Windows operating system environment itself may finally be working.
Read more about ever increasing flaws in Microsoft products, especially the Internet Explorer on Dark Reading.
Alibaba Group and Microsoft have signed a memorandum of understanding (MOU) to enhance the security of Microsoft’s intellectual property rights on two of Alibaba’s e-commerce platforms, Taobao marketplace and Tmall.com.
As part of the MOU, Alibaba will strengthen anti-counterfeit measures on the two sites, such as by removing product lists suspected of offering counterfeit or unlicensed Microsoft products.
Read more about the collaboration between Alibaba group and Microsoft to weed out counterfeit software from Alibaba’s platforms on ZDNet.
Microsoft sites, including search engine Bing and MSN.com, were knocked briefly offline Friday after bad code was rolled out, according to a report.
Speculation began on Twitter that the sites were brought down by cyber-attackers in the wake of high-profile attacks against U.S. targets, including the attack on Sony Pictures in November. But, a source speaking to Reuters said the outage was not caused by an outside attack — rather, glitchy update code.
Read more about the Microsoft’s outage on Friday and the reasons behind it on ZDNet.