Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium. The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions.
Microsoft has patched a zero-day vulnerability that was used in the massive AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.
We're almost two weeks away from Windows Vista's official End of Life (EoL) date, April 11, 2017, more than ten years after Microsoft officially launched Windows, back in January 2007.
Three angry Windows 10 users have filed a lawsuit against Microsoft over botched Windows 10 upgrades, which plaintiffs claim destroyed their data, damaged computers, and incurred lost time and money.
A security researcher has detailed a way to log into any account on the same computer, even without knowing its password. The trick works on all Windows versions, doesn't require special privileges, and the researcher can't figure out if it's a Windows feature or security flaw.
Users of new CPU architectures will not receive Windows 7 and 8.1 updates anymore, according to a Microsoft support topic published last week.
A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning.
Ransomware operators have changed tactics again, making the job of security vendors harder once more, as they switched to a new method of packing their malware inside NSIS installers.
A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security.
Starting with Windows 10 build number 15042, Microsoft will allow administrators to block the installation of Win32 applications on their computer.
Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they've published details about a bug in the Windows GDI (Graphics Device Interface) component.
Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year.