Microsoft has released the criteria used to determine whether a reported and confirmed vulnerability is resolved through a security update or in the next version of Windows. These criteria were released in order to provide insight into the decision making progress and to receive feed back from security researchers.
Yesterday's Patch Tuesday release included fixes for the latest Spectre vulnerability, known as Spectre variant 4, or SpectreNG.
Microsoft has released the June 2018 Patch Tuesday security updates, and this month's release comes with fixes for 50 vulnerabilities.
A vulnerability exists in the Windows operating system's JScript component that can allow an attacker to execute malicious code on a user's computer.
Microsoft released today three additional Windows update packages —Microsoft Releases KB4100347, KB4134660, and KB4134661.
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.
Rotem Kerner, a security researcher with enSilo, has discovered a new process injection technique that can be abused by malicious actors to hide malware inside Windows-based CLI applications.
Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks.
Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each command, Microsoft has included a detailed description of the command, their command line arguments,.and for some commands, what operating system the documentation applies.
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.
PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher with cyber-security Check Point.
Earlier today, Microsoft released its monthly roll-up of security patches known as Patch Tuesday, and this month, the Redmond-based OS maker has fixed 66 security issues.
Yesterday, April 3, Microsoft released an emergency security update via Windows Update that fixes CVE-2018-0986, a vulnerability in the Microsoft Malware Protection Engine (MMPE).
Microsoft issued today an out-of-band security update for 64-bit versions of Windows 7 and Windows Server 2008 R2.
The Windows Remote Assistance tool that ships with all Windows distributions can be can be abused for clever hacks in targeted attacks.
Microsoft said on Friday that the upcoming Windows 10 major feature upgrade —dubbed the Spring Creators Update— will take around 30 minutes to install, unlike previous variants that took between one and two hours to complete.
Microsoft has backtracked on a decision it took back in January when it conditioned that computers without a special registry key would not receive any more security updates.
Microsoft has released its monthly security updates, and this month the company patched 74 vulnerabilities affecting products such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, and Microsoft Office Services and Web Apps.
The March 2018 Patch Tuesday contains a fix for a severe vulnerability affecting the CredSSP protocol; a vulnerability that affects all Windows versions ever released.
A Google security engineer says Microsoft has failed to properly patch a security flaw affecting Windows 10 and Windows Server 2016 distributions.