Earlier today, Microsoft published the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities and three special security advisories with fixes for Adobe Flash, the Meltdown & Spectre flaws, and a defense-in-depth update for Office applications.
Microsoft has added a new and very important detail on the help page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches.
The security research team at Rhino Labs, a US-based cyber-security company, has discovered that malicious actors can use a lesser-known Microsoft Word feature called subDoc to trick Windows computers into handing over their NTLM hashes, the standard format in which user account credentials are stored.
A simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsoft's overly complicated announcement.
Late last night, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995.
An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.
Microsoft has released security updates as part of its monthly Patch Tuesday release train, and this month, the company has patched 34 issues affecting eight products.
On Wednesday, Microsoft started rolling out an update to all Windows products that rely on the Malware Protection Engine for security scans.
Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelgänging."
In an email sent to all Windows Insiders Program (WIP) participants, Terry Myerson, Executive Vice President of the Windows and Devices Group, gave a preview of two new features Microsoft will be testing in the next iteration of the Insiders Program (Windows 10 Redstone 4).
The way Microsoft patched a recent security bug has made several security and software experts believe the company might have lost the source code to one of its Office components.
Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless.
Microsoft has patched today a huge security hole in Microsoft Office that could be exploited to run malicious code without user interaction on all Windows versions released in the past 17 years.
Microsoft has released security updates for several products as part of the company's November 2017 Patch Tuesday, the company's monthly update train.
A security researcher has discovered a new code injection technique that works on all recent Windows versions and allows miscreants to inject malicious code into other applications undetected.
Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction.
With the release of the Windows 10 Fall Creators Update earlier this week, Microsoft quietly rolled out a gaming anti-cheat engine, similar to Valve's VAC system.
Microsoft has just fixed a nasty bug affecting the DNS client included with Windows 8, Windows 10, Windows Server 2012 and Windows Server 2016.
Earlier today, Microsoft published the October 2017 Patch Tuesday, the company's monthly update train, addressing important security issues, but also some mundane bugfixes.
Project Zero, Google's top security team, says that Microsoft is putting customers at risk by not patching Windows OS versions in the same way and with the same consistency.