A bug in Microsoft's NTFS file system technology allows pranksters to hang or crash computers running Windows Vista, Windows 7, and Windows 8.1 just by tricking the user to access a malformed path for a non-existent file.
An attacker or a rogue employee can create and register custom control panel items and use these files to bypass the Windows AppLocker security feature.
Just by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer's login credentials with an attacker via Google Chrome and the SMB protocol.
Following the massive Wana Decrypt0r ransomware outbreak from yesterday afternoon, Microsoft has released an out-of-bound patch for older operating systems to protect them against Wana Decrypt0r's self-spreading mechanism.
In an emergency out-of-band update released late last night, Microsoft fixed a vulnerability in the Microsoft Malware Protection Engine discovered by two Google security experts over the weekend, and which the two described as "crazy bad" and "the worst Windows remote code exec in recent memory."
Two Google security experts have found a severe remote code execution (RCE) bug in the Windows OS, which they've described as "crazy bad."
License keys for Windows 7, 8, and 8.1 can be used to activate a fresh copy of the Windows 10 Creators Update, even if Microsoft has "officially" stopped offering free upgrades to Windows 10 back in the summer of 2016.
Earlier today, Microsoft concluded an investigation which it started yesterday after a mysterious group of hackers known as The Shadow Brokers dumped a trove of Windows exploits online, as part of a plan started last year and aimed at ousting the Equation Group cyber-espionage group as the NSA.
Starting this month, Microsoft has stopped delivering updates for Windows 7 and 8.1 operating systems running on modern processor models, such as Intel 7th Generation (Kaby Lake) and AMD 7th Generation (Bristol Ridge).
Yesterday, Microsoft migrated to a new Patch Tuesday format, which now lists update information via a portal named the Microsoft Security Update Guide, which for the time being, has managed to confuse most sysadmins.
As part of the April 2017 Patch Tuesday, Microsoft released today 61 security updates for products such as its operating systems, browsers, the Office suite, and others.
A few hours ago, Microsoft officially launched the Windows 10 Creators Update, which has slowly started rolling out to a few selected Windows 10 users and will continue to reach new devices in the upcoming weeks.
A mysterious issue is affecting the default Windows NTP server (time.windows.com), according to multiple complaints coming from Reddit and Twitter users.
Android has become the most popular operating system on the Internet, taking the first place from Microsoft's Windows for the first time, according to analytics firm StatCounter.
Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium. The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions.
Microsoft has patched a zero-day vulnerability that was used in the massive AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.
We're almost two weeks away from Windows Vista's official End of Life (EoL) date, April 11, 2017, more than ten years after Microsoft officially launched Windows, back in January 2007.
A security researcher has detailed a way to log into any account on the same computer, even without knowing its password. The trick works on all Windows versions, doesn't require special privileges, and the researcher can't figure out if it's a Windows feature or security flaw.
A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning.
Today is the March 2017 Microsoft Patch Tuesday and we have 17 security updates being released by Microsoft. Of these seventeen updates, seven of them are rated as Critical as they allow remote code execution on the affected computer.