Microsoft's Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar.
Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs. Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet to be exploited in attacks.
Bashware is the name of a new technique that allows malware to use a new Windows 10 feature called Subsystem for Linux (WSL) to bypass security software installed on an endpoint.
Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively.
On October 17, Microsoft will launch the next major version of Windows 10, nicknamed the Fall Creators Update (CFU).
After an 18-month legal battle with Germany's Baden-Würtenberg consumer rights center, Microsoft admitted to wrongdoing when it downloaded over 6GBs of data on user devices during its Windows 10 push in mid and late 2015.
Kaspersky Lab and Microsoft simultaneously announced that they've reached common ground on an antitrust complaint the antivirus vendor filed with Russian and European authorities in late 2016 and mid-2017, respectively.
Marisa Rogers, privacy officers for Microsoft's Windows and Devices Group, says that 71% of the users who updated to the Windows 10 Creators Update in the past months have chosen to enable the "Full" diagnostics and telemetry collection settings during the upgrade process.
The Microsoft August 2017 Patch Tuesday security patches include fixes for 48 issues, of which 25 are rated critical, but none is as ominous as CVE-2017-8620.
Microsoft released the August 2017 Patch Tuesday security bulletin, and this month the company fixed 48 security issues in six of its main product categories.
Software experts from Trail of Bits — a well-known security R&D company — have sandboxed Windows Defender, the default antivirus solution that ships with recent Windows editions.
This week, with the release of Windows 10 Insider Preview Build 16251 for PC, Microsoft added support for linking Android devices to one's computer, allowing users to share files from their smartphone to their PC with the tap of a few buttons.
For years, Microsoft has run a bug bounty program where security researchers could report bugs in Microsoft products and earn money for their findings.
Microsoft plans to remove the classic Windows Paint app from Windows 10 this fall, as part of a large chunk of features the company announced it would deprecate or remove with the release of the Windows 10 Fall Creators Update, set to be launched somewhere in October or November.
Microsoft added a password recovery option to the Windows 10 locksreen for users that use a Microsoft account to log into their computer.
Microsoft has worked on adding security protections against two forms of code injection techniques known as process hollowing and atom bombing.
Microsoft's July 2017 Patch Tuesday includes a fix for an issue with the NT LAN Manager (NTLM) Authentication Protocol that can be exploited to allow attackers to create admin accounts on a local network's domain controller (DC).
Microsoft has released updates today for the Windows 10 operating system, as well as for other of the company's products, updates that fix 55 security issues ranging from remote code execution to simple spoofing attacks.