Over the last weekend, Microsoft released the June 2014 Supplementary Update for Windows Embedded POSReady 2009, Windows Embedded for Point of Service Supplement Update. This update is now available for download from MyOEM, a portal for OEM partners with a valid license agreement with Microsoft or with a Microsoft Authorized Embedded Distributor and for internal OEM employees. The following are the updates available in this release, 2957689 Cumulative Security Update for Internet Explorer 2957509 Vulnerability in TCP Protocol Could Allow Denial of Service 2957503 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution 2939576 Vulnerabilities in Microsoft XML Core Services Could Allow Information Disclosure Source: Microsoft ...

Read More →

As Microsoft announced last year, Microsoft started expanding encryption across their services in an effort to reinforce legal protections for their customers’ data last month. All Outlook.com emails are now encrypted like how Office 365 e-mail works already. Even they made encryption improvements for Microsoft Azure guest OS. Today, they are announcing further improvements for encryption on Azure. The encryption improvements, which apply to Microsoft Azure cipher solution for hosted guest virtual machines, provide customers with enhanced protection when connecting and transmitting data. For example, the enhancements to the default Transport Layer Security (TLS)/Secure Socket Layer (SSL) cipher suites helps ensure that connections are better encrypted during transmission.  In addition, enabling Perfect Forward Secrecy (PFS) helps ensure a different encryption key is used for every connection, making it more difficult for attackers to decrypt connections. As technology advances and attackers continue to adjust their tactics, it’s essential that cloud providers evolve their ...

Read More →

.NET is an integral part of many applications running on Windows and provides common functionality for those applications to run. This download is for people who need .NET to run an application on their computer. For developers, the .NET Framework provides a comprehensive and consistent programming model for building applications that have visually stunning user experiences and seamless and secure communication. Microsoft today recommended their customers to update to .NET 4.5.2 for greater stability, reliability, security and performance and revealed that they will stop supporting all older .Net frameworks. We will continue to fully support .NET 4, .NET 4.5, .NET 4.5.1, and .NET 4.5.2 until January 12, 2016, this includes security updates as well as non-security technical support and hotfixes. Beginning January 12, 2016 only .NET Framework 4.5.2 will continue receiving technical support and security updates. There is no change to the support timelines for any other .NET Framework version, ...

Read More →

Microsoft today announced that Internet Explorer will date ActiveX controls starting August 12th. Sincet automatically updated, malicious or compromised Web pages target security flaws in outdated controls to collect information, install dangerous software, or by even let someone else control your computer remotely. As per Microsoft Security Intelligence Report, Java exploits represented 84.6% to 98.5% of exploit kit-related detections each month in 2013. To help improve the security situation for users, Microsoft is delivering an update to Internet Explorer on August 12, 2014 will introduce a new security feature, called out-of-date ActiveX control blocking. Out-of-date ActiveX control blocking lets you: Know when Internet Explorer prevents a Web page from loading common, but outdated, ActiveX controls. Interact with other parts of the Web page that aren’t affected by the outdated control. Update the outdated control, so that it’s up-to-date and safer to use. Inventory the ActiveX controls your organization is using. The out-of-date ActiveX control blocking ...

Read More →

Microsoft is not having a good time in China in the recent months. Following the ban of Windows 8 and Office in some government offices, Microsoft offices in China were raided today by Chinese government officials for unknown reasons. China’s State Administration for Industry & Commerce made the visits to Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu. Microsoft provided the following statement to the media regarding these raids, “We aim to build products that deliver the features, security and reliability customers expect and we’re happy to answer the government’s questions,” Recently, Chinese government agencies warned US tech companies to stop helping US government in stealing Chinese government data. One good news for Microsoft China is that JD.com has started taking pre-orders for Xbox One today. Source: Reuters ...

Read More →

Bromium Labs today released their report on cyber-attack landscape in the first half of 2014. Microsoft Internet Explorer had the most number of reported vulnerabilities and also in the publicly reported exploits. As the most used browser in the market,Internet Explorer was the most patched and most exploited product in 2014. They also reported that Internet Explorer 11 was released late last year and security patches seem to have emerged rather quickly, compared to its predecessors. Almost all Internet Explorer memory corruption exploits now use de facto ROP (Return Oriented Programming) techniques for bypassing the default Operating System security mechanisms (ASLR, DEP). Also, both the IE zero days exploits leveraged ‘Action Script Spray’ technique to bypass ASLR. You can download the full report here. via: Betanews ...

Read More →

Today, Bloomberg reported that Microsoft is in talks to acquire Israel-based security startup Aorato Ltd. They also reported that deal was worth around $200 million and could close within the next two months. Its investors include Accel Partners, Glilot Capital Partners, Innovation Endeavors and few others. Aorato’s security products protects your organization and Active Directory by automatically learning, profiling and predicting entity behavior. Aorato’s Directory Services Application Firewall (DAF™) protects Active Directory and leverages its central role in the network to secure organization from advanced targeted attacks. Nowadays, attackers compromise all types of entities (non-privileged and privileged users, devices, servers, etc.) in order to gain a foothold into the network. It is not enough anymore to track only privileged accounts to protect the organization against advanced attacks. DAF introduces a new approach. DAF detects suspicious activities through learning, profiling and predicting entities’ behaviors. Source: WSJ   ...

Read More →

As part of patch Tuesday updates, Microsoft yesterday fixed over 29 different vulnerabilities in Windows. Microsoft released the following summary that lists security bulletins released for July 2014. With the release of the security bulletins for July 2014, this bulletin summary replaces the bulletin advance notification originally issued July 3, 2014. Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software MS14-037 Cumulative Security Update for Internet Explorer (2975687) This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those ...

Read More →

As Microsoft announced last year, Microsoft is today expanding encryption across their services in an effort to reinforce legal protections for their customers’ data. All Outlook.com emails are now encrypted like how Office 365 e-mail works already. This will provide even greater protection for user’s data across all the great Microsoft services that you depend on every day. First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers. Of course, this requires their email service provider to also have TLS support. Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, ...

Read More →

Microsoft has recently named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, or their involvement in in creating, controlling, and assisting in infecting millions of computers with malicious software running old Windows versions. We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic. Read full post on The Official Microsoft Blog. ...

Read More →

Microsoft usually alerts users to provide them with an overview of the new security bulletin(s) being released on each month via email. Security bulletins are released monthly to resolve critical problem vulnerabilities. Microsoft has recently sent an email to Security Bulletin subscribers that they are going to suspend the use of email notifications and recommends RSS feeds to users. Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications Security bulletin summaries New security advisories and bulletins Major and minor revisions to security advisories and bulletins In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications ...

Read More →

Microsoft has recently released an update to the Microsoft update/Windows update client with security enhancements. It also include further hardening of infrastructure used by WU/MU client and a more secure communication channel between WU/MU Client and Service. You can read more about the changes in WU/MU at KB 2887535. The update is applicable to Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows 8, Windows RT, Windows Server 2012 and the rollout will begin today. Similar to past updates, this update will be automatically installed if Automatic Updates is turned ON, either set to automatically install updates or notify to download/install updates. As with past updates, this update will not change your current Windows Update or Automatic Updates settings. Anytime Windows Update (or Automatic Updates) is turned ON, either set to automatically install updates or notify to download/install updates, Windows Update will take care of updating itself. ...

Read More →

Microsoft today announced the launch of Interflow, a security and threat information exchange platform for professionals working in cybersecurity. The service is now in private beta. Microsoft wants to eliminate manual processes, rapidly detect and analyze using automated machine-to-machine shared security and threat information, while helping reduce cost of defense. It is built based on the STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CyBox (Cyber Observable eXpression standards) specifications. Interflow enables automated machine-to-machine exchange of security and threat information, using community-driven format and structure specifications. It allows users to create their own sharing communities, and define what to share and with whom. Interflow’s filtering capabilities enable users to create watch lists and prioritize rapid action, instead of manual compilation of data. Through Interflow’s watch lists, customers no longer have to look for needles in a haystack. Organizations and enterprises with dedicated security incident response ...

Read More →

Microsoft yesterday released a security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.The vulnerability which was reported by Tavis Ormandy of Google Project Zero could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted. The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. Microsoft has now released an update to its Antimalware Engine 1.1.10701.0 and it was released to all Microsoft Security Essentials, Forefront Client Security, Forefront Endpoint Protection, Windows Intune Endpoint Protection, and System Center Endpoint Protection customers on 17 Jun 2014. Signature package 1.177.0.0 is the first that contains this engine. Typically, no action is ...

Read More →

Microsoft has constantly improved Internet Explorer in a rapid pace in the past few years. IE11 is the most standard complaint, faster and more secure IE ever. But the real problem is that two-thirds of all desktop computers are still using older, less secure browsers. To improve this situation, Microsoft is enabling automatic updating ensures that users will always be up-to-date. Also, Microsoft today detailed the security improvements made over the years in IE in the infographic above. Every version of Internet Explorer includes new and improved security protection, building on improvements from the previous version. Below are just a few of the security features added by each major version of Internet Explorer since 2001. These security features and improvements are augmented with updates such as the ones being released this month, to make socially-engineered attacks and browser exploits more difficult on modern versions of Internet Explorer. According to NSS Labs, for ...

Read More →

Microsoft ended support for Windows XP, a decade old OS back in April. Since lots of Chinese Government computers still use Windows XP, they are exposed to security attacks. Last month, Chinese government made a strange move by announcing the ban of Microsoft’s Windows 8 OS in government computers. As per reports, the ban is due to the notice on the use of energy-saving products. The official Xinhua news claimed that it was due to security concerns. There were also reports that Microsoft supporting NSA for spying Chinese computers running Windows XP, etc,. Microsoft has posted the following information on its official Weibo account to clarify on this matter, Microsoft has never assisted any government in an attack of another government or clients. Microsoft has never provided any government the authority to directly visit our products or services. Microsoft has never provided any so-called “Backdoor” into its products or services. ...

Read More →