Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. […]
The number of reported vulnerabilities in Microsoft software has mounted from 325 in 2013 to 685 last year, a rise of 111 percent, according to new research. Moreover, there has also been a 54 percent increase in critical Microsoft vulnerabilities since 2016, researchers at Avecto said in their report, which is based on data from […]
Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to […]
Microsoft has been forced to issue an out-of-band patch to fix problems caused by a buggy Intel update for one of the Spectre vulnerabilities disclosed earlier this month. The Redmond fix (KB4078130) was issued over the weekend and disables the mitigation for branch target injection vulnerability CVE-2017-5715. The fix covers Windows 7 (SP1), Windows 8.1 […]
Spam campaigns delivering Zyklon HTTP malware are attempting to exploit three relatively new Microsoft Office vulnerabilities. The attacks are targeting telecommunications, insurance and financial service firms. According to FireEye researchers who identified the campaigns, attackers are attempting to harvest passwords and cryptocurrency wallet data along with recruiting targeted systems for possible future distributed denial of […]
It’s bad news for older Windows 7 and Windows 8 machines Microsoft is taking the surprise step of detailing how Spectre and Meltdown firmware updates may affect PC performance. The tech industry has been scrambling to issue updates to protect against the two CPU security flaws over the past week, and there have been many […]
Amazon, Google and Microsoft rush to fix chip flaws that could leave cloud customers at risk of having their data accessed or stolen by other users As the cloud provider community mobilises to protect users from two long-standing processor-based security flaws, researchers suggest a rip and replace of their underlying CPU hardware may be required […]
Despite a rash of attacks leveraging Dynamic Data Exchange fields in Office, including some spreading destructive ransomware, Microsoft has remained insistent that DDE is a product feature and won’t address it as a vulnerability. Microsoft on Wednesday did, however, put some guidance in admins’ hands as to how to safely disable the feature via new […]
Security experts are urging network administrators to patch a Microsoft Office vulnerability that has been exploited in the wild. The vulnerability (CVE-2017-11826) could allow remote code execution if a user opens a specially crafted Office file. It was one of 62 vulnerabilities patched by Microsoft as part of its monthly Patch Tuesday updates released today. […]
Java developers can now use Azure Functions, Microsoft’s serverless computing platform, to build and deploy applications on the Redmond, Wash. software marker’s cloud. Serverless computing is gaining ground among businesses and the world’s major cloud providers, but contrary to the image the term conjures up, servers are still very much involved in serverless applications. What’s […]
