In an interview, Microsoft Germany head has revealed that Microsoft is thinking of creating German controlled data centers to better serve its customers in Germany. In the recent years, information security is becoming a key concern for enterprises and governments. After the recent revelations about governments snooping on data, cloud data storage location has become the key point of discussion. In fact, Microsoft is now considering the possibility of working with partners to develop a cloud data centre based in Germany, with the aim of alleviating national concerns over cyber security. According to Illek, Microsoft is “testing” the idea of a ‘German cloud system’, where data could be hosted by a partner company but not be subject to US law. However, he said: “Whether and when it will happen, I cannot say.” Illek said Microsoft’s current data centres in the Netherlands and Ireland are becoming “increasingly popular” with major clients, ...

Read More →

Microsoft has released the September update for Internet Explorer and customers who have automatic updating enabled and will not need to take any action because these update will be downloaded and installed automatically. Customers who have automatic updating disabled need to check for updates and install this update manually. Microsoft Security Bulletin MS14-052 – This critical security update resolves one publicly disclosed vulnerability and twenty-five privately reported vulnerabilities in Internet Explorer. For more information see the full bulletin. Security Update for Flash Player (2987114) – This security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB14-21. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer ...

Read More →

After releasing Chrome 64-bit in developer and canary channels, Google has released Chrome 64-bit as a stable release. This new 64-bit Chrome offers many benefits for speed, stability and security over 32-bit version. Based on their measurements, a native 64-bit version of Chrome has improved speed on many of their graphics and media benchmarks. For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15% improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects. At this point 64-bit will remain opt-in, so to take advantage of the improvements click on ...

Read More →

Over the last weekend, Microsoft released the June 2014 Supplementary Update for Windows Embedded POSReady 2009, Windows Embedded for Point of Service Supplement Update. This update is now available for download from MyOEM, a portal for OEM partners with a valid license agreement with Microsoft or with a Microsoft Authorized Embedded Distributor and for internal OEM employees. The following are the updates available in this release, 2957689 Cumulative Security Update for Internet Explorer 2957509 Vulnerability in TCP Protocol Could Allow Denial of Service 2957503 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution 2939576 Vulnerabilities in Microsoft XML Core Services Could Allow Information Disclosure Source: Microsoft ...

Read More →

As Microsoft announced last year, Microsoft started expanding encryption across their services in an effort to reinforce legal protections for their customers’ data last month. All Outlook.com emails are now encrypted like how Office 365 e-mail works already. Even they made encryption improvements for Microsoft Azure guest OS. Today, they are announcing further improvements for encryption on Azure. The encryption improvements, which apply to Microsoft Azure cipher solution for hosted guest virtual machines, provide customers with enhanced protection when connecting and transmitting data. For example, the enhancements to the default Transport Layer Security (TLS)/Secure Socket Layer (SSL) cipher suites helps ensure that connections are better encrypted during transmission.  In addition, enabling Perfect Forward Secrecy (PFS) helps ensure a different encryption key is used for every connection, making it more difficult for attackers to decrypt connections. As technology advances and attackers continue to adjust their tactics, it’s essential that cloud providers evolve their ...

Read More →

.NET is an integral part of many applications running on Windows and provides common functionality for those applications to run. This download is for people who need .NET to run an application on their computer. For developers, the .NET Framework provides a comprehensive and consistent programming model for building applications that have visually stunning user experiences and seamless and secure communication. Microsoft today recommended their customers to update to .NET 4.5.2 for greater stability, reliability, security and performance and revealed that they will stop supporting all older .Net frameworks. We will continue to fully support .NET 4, .NET 4.5, .NET 4.5.1, and .NET 4.5.2 until January 12, 2016, this includes security updates as well as non-security technical support and hotfixes. Beginning January 12, 2016 only .NET Framework 4.5.2 will continue receiving technical support and security updates. There is no change to the support timelines for any other .NET Framework version, ...

Read More →

Microsoft today announced that Internet Explorer will date ActiveX controls starting August 12th. Sincet automatically updated, malicious or compromised Web pages target security flaws in outdated controls to collect information, install dangerous software, or by even let someone else control your computer remotely. As per Microsoft Security Intelligence Report, Java exploits represented 84.6% to 98.5% of exploit kit-related detections each month in 2013. To help improve the security situation for users, Microsoft is delivering an update to Internet Explorer on August 12, 2014 will introduce a new security feature, called out-of-date ActiveX control blocking. Out-of-date ActiveX control blocking lets you: Know when Internet Explorer prevents a Web page from loading common, but outdated, ActiveX controls. Interact with other parts of the Web page that aren’t affected by the outdated control. Update the outdated control, so that it’s up-to-date and safer to use. Inventory the ActiveX controls your organization is using. The out-of-date ActiveX control blocking ...

Read More →

Microsoft is not having a good time in China in the recent months. Following the ban of Windows 8 and Office in some government offices, Microsoft offices in China were raided today by Chinese government officials for unknown reasons. China’s State Administration for Industry & Commerce made the visits to Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu. Microsoft provided the following statement to the media regarding these raids, “We aim to build products that deliver the features, security and reliability customers expect and we’re happy to answer the government’s questions,” Recently, Chinese government agencies warned US tech companies to stop helping US government in stealing Chinese government data. One good news for Microsoft China is that JD.com has started taking pre-orders for Xbox One today. Source: Reuters ...

Read More →

Bromium Labs today released their report on cyber-attack landscape in the first half of 2014. Microsoft Internet Explorer had the most number of reported vulnerabilities and also in the publicly reported exploits. As the most used browser in the market,Internet Explorer was the most patched and most exploited product in 2014. They also reported that Internet Explorer 11 was released late last year and security patches seem to have emerged rather quickly, compared to its predecessors. Almost all Internet Explorer memory corruption exploits now use de facto ROP (Return Oriented Programming) techniques for bypassing the default Operating System security mechanisms (ASLR, DEP). Also, both the IE zero days exploits leveraged ‘Action Script Spray’ technique to bypass ASLR. You can download the full report here. via: Betanews ...

Read More →

Today, Bloomberg reported that Microsoft is in talks to acquire Israel-based security startup Aorato Ltd. They also reported that deal was worth around $200 million and could close within the next two months. Its investors include Accel Partners, Glilot Capital Partners, Innovation Endeavors and few others. Aorato’s security products protects your organization and Active Directory by automatically learning, profiling and predicting entity behavior. Aorato’s Directory Services Application Firewall (DAF™) protects Active Directory and leverages its central role in the network to secure organization from advanced targeted attacks. Nowadays, attackers compromise all types of entities (non-privileged and privileged users, devices, servers, etc.) in order to gain a foothold into the network. It is not enough anymore to track only privileged accounts to protect the organization against advanced attacks. DAF introduces a new approach. DAF detects suspicious activities through learning, profiling and predicting entities’ behaviors. Source: WSJ   ...

Read More →

As part of patch Tuesday updates, Microsoft yesterday fixed over 29 different vulnerabilities in Windows. Microsoft released the following summary that lists security bulletins released for July 2014. With the release of the security bulletins for July 2014, this bulletin summary replaces the bulletin advance notification originally issued July 3, 2014. Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software MS14-037 Cumulative Security Update for Internet Explorer (2975687) This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those ...

Read More →

As Microsoft announced last year, Microsoft is today expanding encryption across their services in an effort to reinforce legal protections for their customers’ data. All Outlook.com emails are now encrypted like how Office 365 e-mail works already. This will provide even greater protection for user’s data across all the great Microsoft services that you depend on every day. First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers. Of course, this requires their email service provider to also have TLS support. Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, ...

Read More →

Microsoft has recently named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, or their involvement in in creating, controlling, and assisting in infecting millions of computers with malicious software running old Windows versions. We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic. Read full post on The Official Microsoft Blog. ...

Read More →

Microsoft usually alerts users to provide them with an overview of the new security bulletin(s) being released on each month via email. Security bulletins are released monthly to resolve critical problem vulnerabilities. Microsoft has recently sent an email to Security Bulletin subscribers that they are going to suspend the use of email notifications and recommends RSS feeds to users. Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications Security bulletin summaries New security advisories and bulletins Major and minor revisions to security advisories and bulletins In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications ...

Read More →

Microsoft has recently released an update to the Microsoft update/Windows update client with security enhancements. It also include further hardening of infrastructure used by WU/MU client and a more secure communication channel between WU/MU Client and Service. You can read more about the changes in WU/MU at KB 2887535. The update is applicable to Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows 8, Windows RT, Windows Server 2012 and the rollout will begin today. Similar to past updates, this update will be automatically installed if Automatic Updates is turned ON, either set to automatically install updates or notify to download/install updates. As with past updates, this update will not change your current Windows Update or Automatic Updates settings. Anytime Windows Update (or Automatic Updates) is turned ON, either set to automatically install updates or notify to download/install updates, Windows Update will take care of updating itself. ...

Read More →

Microsoft today announced the launch of Interflow, a security and threat information exchange platform for professionals working in cybersecurity. The service is now in private beta. Microsoft wants to eliminate manual processes, rapidly detect and analyze using automated machine-to-machine shared security and threat information, while helping reduce cost of defense. It is built based on the STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CyBox (Cyber Observable eXpression standards) specifications. Interflow enables automated machine-to-machine exchange of security and threat information, using community-driven format and structure specifications. It allows users to create their own sharing communities, and define what to share and with whom. Interflow’s filtering capabilities enable users to create watch lists and prioritize rapid action, instead of manual compilation of data. Through Interflow’s watch lists, customers no longer have to look for needles in a haystack. Organizations and enterprises with dedicated security incident response ...

Read More →