Microsoft’s lawsuit against the U.S. government for the right to tell its customers when a federal agency is looking at their emails is getting widespread support by privacy advocates. For many, Microsoft’s stance lends an important and powerful voice to ongoing efforts to reform the Electronic Communications Privacy Act that is at the heart of...

Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website. Nonetheless, we have a little more than two weeks before the next Microsoft...

If it ain’t broke, don’t fix it. If there’s one thing the recent surge in threats using macros to spread malware has shown, it’s that the vector is clearly working for attackers. Developers at Microsoft hope a feature in the latest version of Microsoft Office will reduce the frequency of those attacks by giving administrators...

USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it...

Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines. Two of the bulletins rated critical address flaws in Internet Explorer and Microsoft Edge. The IE bulletin, MS16-023, patches 13 vulnerabilities in the browser, all...

TENERIFE, Spain – Network defenders who rely solely on lists of assets to protect are running a fool’s errand. Instead, it’s crucial to think in graphs to not only visualize threats, but also to understand network edges, and dependencies between assets and accounts in order to be able to capture attacker activities and render them...

The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP. The flaw affects nearly all IPv4 DHCP clients and relays and most servers, ISC said in its advisory. “A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally,”...

Microsoft Silverlight vulnerabilities certainly don’t have the same hacker cred as bugs in Adobe Flash, for example, but nonetheless, that does not diminish their value, nor does that mean they should be ignored. Microsoft patched a critical flaw in the application framework on Tuesday, and researchers at Kaspersky Lab’s Global Research and Analysis Team caution...

Microsoft released a scant nine bulletins today for Patch Tuesday, but six of them are marked critical and seven can lead to remote code execution. The updates, which address 25 vulnerabilities will be the last many who run Internet Explorer 8, 9, and 10 will receive unless they elect to update to a newer browser. The patches, the...

Anxiety was high around April 8, 2014 when Microsoft officially closed the door on security support for Windows XP. Many envisioned black hats worldwide stockpiling exploits waiting for the day when XP machines would be left permanently exposed. The anticipated malware apocalypse, however, never really came for the remaining XP machines in circulation. And now...