Tag: Microsoft

Microsoft JET vulnerability still open to attacks, despite recent patch

A vulnerability in the Microsoft JET database engine is still open to attacks, even after Microsoft shipped an update earlier this week during the October 2018 Patch Tuesday.

The vulnerability, which was a zero-day at the time of its disclosure in mid-September, raised some alarms, mainly due to the fact that the JET database engine is included in all versions of Windows, and provided attackers with a huge attack vector they could target. Microsoft shipped an update this past Tuesday. But according to Mitja Kolsek, co-founder of 0patch, the recent patch is incomplete, and an attacker can still exploit the original vulnerability.

Read more about the issues with Microsoft’s recent JET patch on ZDNet.

Microsoft Prepares for GDPR and Builds for Security at Scale

Unlike Las Vegas, what happens in Europe won’t necessarily stay in Europe. On May 25, 2018, the European General Data Protection Regulation will go into effect, and companies not in compliance could potentially be hit with litigation and heavy fines.

Read how the software giant, Microsoft is preparing for the upcoming data breach notification regime in European Union on Biz Tech Magazine.

Microsoft Execs: Identity, Threat Intelligence Driving Company’s Security Strategy

In November 2015, Microsoft shared the details of its $1B investment in a new integrated security strategy across its portfolio of products and services including Windows, Office, and Azure. The funds were allocated toward initiatives such as doubling the number of security executives and launching the Microsoft Enterprise Cybersecurity Group (ECG) and Cyber Defense Operations Center (CDOC).

Read how threat intelligence and identity management is driving Microsoft’s security strategy on Dark Reading.

Microsoft’s enterprise-grade security is coming to Windows 10 IoT

The version of Windows 10 for devices from the Internet of Things will soon get security features from the company’s operating system for computers and tablets.

The company announced Thursday that it will bring its Bitlocker encryption and Secure Boot systems to the Windows 10 IoT Core public beta in a push to improve security.

Read about how Microsoft plans to bring enterprise grade security to the Windows 10 Internet of Things environment on PC World.

Microsoft partners with cities and governments to improve cybersecurity for citizens

City life is changing – there is no doubt about that. Unprecedented population shifts and extraordinary growth have impacted how urban populations live and work together. For city leaders, this rapid change has created not only unique challenges, but also significant opportunities.

Many are looking to technologies like the Cloud and Internet of Things (IoT) devices to solve growing problems, and for good reason. The Cloud increases efficiency and simplifies operations in ways never thought possible in the past and devices make connectivity possible anytime and anywhere.

Read more about the Microsoft’s partnership with cities and governments on Microsoft Blog.

Microsoft slams Google for spilling the beans on Windows 8.1 security flaw

Microsoft has heavily criticized Google and the company’s security disclosure policy after the firm publicly revealed a Windows 8.1 security flaw just days before Microsoft planned to issue a patch to kill the bug.

In a lengthy blog post, senior director of the Microsoft Security Response Center Chris Betz said that the threat landscape is becoming increasingly complex, and it is time for companies to stand together in response — rather than stand divided when it comes to cybersecurity strategies, such as in vulnerability and threat disclosure, as well as the release of security patches and fixes.

Read more about the Microsoft’s criticism of Google for leaking the Windows 8.1 vulnerability before it could release patch on ZDNet.

Microsoft Software Flaws Increase Sharply But Majority Affect IE

A new report by security vendor ESET holds mixed news for enterprises running on Microsoft technology.

Microsoft last year fixed nearly twice as many vulnerabilities across all its products than it did in 2013. But a vast majority of the reported flaws were in Microsoft’s Internet Explorer browser, suggesting that the company’s efforts to secure its core Windows operating system environment itself may finally be working.

Read more about ever increasing flaws in Microsoft products, especially the Internet Explorer on Dark Reading.

Alibaba, Microsoft agree to crack down on counterfeit software

Alibaba Group and Microsoft have signed a memorandum of understanding (MOU) to enhance the security of Microsoft’s intellectual property rights on two of Alibaba’s e-commerce platforms, Taobao marketplace and Tmall.com.

As part of the MOU, Alibaba will strengthen anti-counterfeit measures on the two sites, such as by removing product lists suspected of offering counterfeit or unlicensed Microsoft products.

Read more about the collaboration between Alibaba group and Microsoft to weed out counterfeit software from Alibaba’s platforms on ZDNet.

Microsoft observed a significant increase in macros based malware

The Microsoft Malware Protection Center (MMPC) has recently observed a surge in the infections of malware using macros to spread their malicious code.

The Microsoft Malware Protection Center (MMPC) is warning Office users on the diffusion of malicious macros through email attachments or social engineering websites.

Read more about the findings of Microsoft Malware Protection Center on Security Affairs.

Microsoft sites downed by ‘bad code,’ not cyberattack

Microsoft sites, including search engine Bing and MSN.com, were knocked briefly offline Friday after bad code was rolled out, according to a report.

Speculation began on Twitter that the sites were brought down by cyber-attackers in the wake of high-profile attacks against U.S. targets, including the attack on Sony Pictures in November. But, a source speaking to Reuters said the outage was not caused by an outside attack — rather, glitchy update code.

Read more about the Microsoft’s outage on Friday and the reasons behind it on ZDNet.