News

Microsoft Windows software

• July 09, 2007 09 Jul'07

  Microsoft July updates for critical Excel, Windows and .NET flaws

  Of the six security updates Microsoft released Tuesday, experts expressed the most concern about a critical glitch in the .NET Framework that could leave client machines and Web servers open to attack.

• July 06, 2007 06 Jul'07

  Microsoft preps six security updates for Windows, Office

  Microsoft will release six security updates on Tuesday 10 July to address flaws attackers could exploit to launch malicious code and access sensitive information on victims' machines.

• May 24, 2007 24 May'07

  Microsoft investigates new Office zero-day flaw

  Attackers could exploit a newly-discovered zero-day flaw in Office 2000 to run malicious code on targeted machines, Symantec warned.

• April 12, 2007 12 Apr'07

  Microsoft DNS server flaw called dangerous

  UPDATE: Microsoft said Sunday that attacks are still limited, but a proof of concept code to exploit the vulnerability is publicly available.

• March 25, 2007 25 Mar'07

  Microsoft investigates Windows Vista Mail flaw

  Attackers could exploit a flaw in Windows Vista Mail to compromise PCs by tricking the user into opening a malicious email attachment. Microsoft is investigating.

• February 08, 2007 08 Feb'07

  Roundup: Vista security, breakability touted at RSA Conference

  At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking.

• February 04, 2007 04 Feb'07

  Vista exploitable, researcher says

  Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista.

• January 30, 2007 30 Jan'07

  Symantec exploitation video hits YouTube

  Symantec posted a clip on the popular video-sharing site showing researchers using a newly discovered flaw in Microsoft Word to drop an executable on a vulnerable machine.

• January 30, 2007 30 Jan'07

  Windows Vista voice command tricked

  An attacker found a way to play audio commands at a user's machine tricking the voice command capability in Vista into running arbitrary code.

• January 30, 2007 30 Jan'07

  Microsoft disputes Word zero-day report

  Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new.

• January 24, 2007 24 Jan'07

  Microsoft investigates new Word zero-day

  An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday.

• January 11, 2007 11 Jan'07

  Oracle emulates Microsoft with advance patch notice

  Oracle will patch 52 security flaws across its product line Tuesday, according to its inaugural CPU advance notification bulletin.

• January 10, 2007 10 Jan'07

  Out-of-cycle Microsoft patch likely, experts say

  Patch specialists and IT administrators were surprised Microsoft didn't fix much-publicised Word zero-day flaws Tuesday. But they don't fault the company for holding back.

• January 09, 2007 09 Jan'07

  Remote flaw in Vista could earn finder $8,000

  VeriSign Inc.'s iDefense Labs is offering an $8,000 bounty to any researcher who finds a remotely exploitable flaw in Windows Vista.

• January 08, 2007 08 Jan'07

  Critical fixes for Excel, Outlook and Windows

  Microsoft starts the year with security updates for Excel, Outlook and Windows. Three of the fixes are rated critical.

• January 07, 2007 07 Jan'07

  Microsoft nixes four patch bulletins

  Eight security updates were originally scheduled for Patch Tuesday , but Microsoft has decided to hold back on half of them.

• December 11, 2006 11 Dec'06

  Microsoft fixes two zero-day flaws

  The December security update from Microsoft includes patches for zero-day flaws in Visual Studio and Windows Media Player, but two zero-day flaws in Word remain unfixed.

• December 06, 2006 06 Dec'06

  Microsoft to fix Visual Studio, Windows flaws

  Microsoft plans to release five security updates to address vulnerabilities in Windows and a flaw in Visual Studio as part of its monthly security bulletin release cycle.

• December 06, 2006 06 Dec'06

  Zero-day flaw found in Windows Media Player

  Attackers could exploit a new zero-day flaw in Windows Media Player to cause a denial of service or launch malicious code. The threat is Microsoft's second zero-day flaw in a week.

• October 18, 2006 18 Oct'06

  Rural Payments Agency project failed after IT system costs spiralled

  Delays in implementing a bespoke IT system led to the Rural Payments Agency (RPA) failing to pay subsidies to farmers on time, according to a National Audit Office report.

• September 04, 2006 04 Sep'06

  New Microsoft Word zero-day exploit discovered

  Trojan.MDropper-Q is exploiting a vulnerability in Microsoft's word-processing application that could allow attackers to take control of certain machines.

• August 02, 2006 02 Aug'06

  Twelve Microsoft fixes coming on Patch Tuesday

  Microsoft Tuesday will release a dozen new security bulletins for its Windows and Office products, likely including fixes for several outstanding PowerPoint flaws.

• July 31, 2006 31 Jul'06

  Security Bytes: ISS warns of new Microsoft Windows flaw

  Attackers could exploit the latest Microsoft Windows flaw to crash vulnerable machines and Symantec fixes a Brightmail AntiSpam flaw.

• July 11, 2006 11 Jul'06

  Critical flaws found in Excel, Flash Player

  FrSIRT says holes in Microsoft's spreadsheet program and Adobe's media player could allow attackers to take control of affected machines and initiate malicious commands.

• November 30, 2005 30 Nov'05

  Out-of-cycle IE patch may be imminent

  Microsoft may release a critical Internet Explorer fix before the next Patch Tuesday, amid reports that malicious code is targeting a memory corruption flaw.

• July 21, 2005 21 Jul'05

  Users look for value boost from Microsoft licence rejig

  Software Assurance needs to offer better support, say IT directors

• July 06, 2005 06 Jul'05

  PING with Karen Worstell

  The Microsoft CISO discusses how she keeps Redmond and its products secure.

• March 07, 2005 07 Mar'05

  Windows vulnerable to LAND attack

  Security researchers say this type of attack leaves enterprise customers of popular Windows products open to a denial of service. There is good news, though.

• August 24, 2004 24 Aug'04

  Latest worm uses IM to lure victims

  A version of the worm which spread from infected Microsoft Internet Information Services (IIS) web servers in June has been...