Two implementations of the Kerberos authentication protocol received patches this week against a vulnerability that allowed a threat actor to bypass authentication procedures.
Microsoft added a password recovery option to the Windows 10 locksreen for users that use a Microsoft account to log into their computer.
Microsoft has worked on adding security protections against two forms of code injection techniques known as process hollowing and atom bombing.
Microsoft's July 2017 Patch Tuesday includes a fix for an issue with the NT LAN Manager (NTLM) Authentication Protocol that can be exploited to allow attackers to create admin accounts on a local network's domain controller (DC).
Microsoft has released updates today for the Windows 10 operating system, as well as for other of the company's products, updates that fix 55 security issues ranging from remote code execution to simple spoofing attacks.
Today at the company's Inspire business conference, Microsoft announced a new service called "Microsoft 365" that bundles together three of its previous standalone services: Office 365, Windows 10, and Enterprise Mobility + Security.
WikiLeaks dumped today the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH credentials from Windows and Linux systems, respectively.
A new feature added in test snapshots for OpenBSD releases will create a unique kernel every time an OpenBSD user reboots or upgrades his computer.
This fall, Microsoft plans to release a new Windows Defender feature called Controlled Folder Access, which blocks and blacklists unauthorized apps from making changes to files located inside specially-designated folders.
After previously stating it was dropping support for EMET in July 2018, Microsoft announced yesterday plans to embed its vaunted EMET security toolkit in the Windows 10 kernel during the operating system's major update, scheduled for October-November 2017.
On Friday, Microsoft rolled out an out-of-band security update that patched a major security flaw in the Microsoft Malware Protection Engine (MsMpEng), a core security service part of the Microsoft ecosystem.
An unknown person has uploaded online over 32TB of Windows 10 internal builds, along with some of the operating system's source code. The data was uploaded on BetaArchive, an Internet forum dedicated to archiving software beta builds so users and developers can track how a project evolved over time.
Security experts have discovered a method of bypassing Windows PatchGuard protections and hooking malicious code into the Windows kernel, which allows an attacker to plant rootkits on systems previously thought to be impregnable.
Windows computers are being targeted with a new cryptocurrency miner that uses an NSA hacking tool to infect users' PCs. Detected under the generic name of Trojan.BtcMine.1259, this trojan was first spotted last week by Russian antivirus vendor Dr.Web.
Microsoft published today the June 2017 Patch Tuesday, which patches over 90 security flaws, including two vulnerabilities used in live attacks.
Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 — Microsoft plans to disable SMBv1 in most versions of the Windows operating systems.
A bug in Microsoft's NTFS file system technology allows pranksters to hang or crash computers running Windows Vista, Windows 7, and Windows 8.1 just by tricking the user to access a malformed path for a non-existent file.
An attacker or a rogue employee can create and register custom control panel items and use these files to bypass the Windows AppLocker security feature.
Just by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer's login credentials with an attacker via Google Chrome and the SMB protocol.
Following the massive Wana Decrypt0r ransomware outbreak from yesterday afternoon, Microsoft has released an out-of-bound patch for older operating systems to protect them against Wana Decrypt0r's self-spreading mechanism.