Google's Project Zero initiative tasks its security researchers with finding flaws in various software products developed by the company itself as well as other firms. Back in 2016, it revealed a serious vulnerability present in Windows 10, and reported a "crazy bad vulnerability" in Windows in 2017.
Now, the firm has disclosed another security flaw in Microsoft Edge, after the Redmond giant failed to fix it in the allotted time. Back in February 2017, Microsoft stated that it would be using Arbitrary Code Guard (ACG) in Microsoft Edge with the Windows 10 Creators Update to mitigate arbitrary native code execution.Read more
Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free.
The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to research published Wednesday by Trustwave’s SpiderLabs. When opening attachments, there are no warnings or pop-ups alerting victims, researchers said. The attack uses malicious Word attachments.Read more
A post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus software or other security measures, researchers said.
According to CyberArk, a BoundHooking attack exploits the Intel feature called Memory Protection Extension (MPX) to hook function calls that pass between software components. That allows for an adversary to manipulate and spy on a wide range of Windows applications.Read more
Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system.Read more
A researcher is warning that a programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime, including potentially malicious files. However, Microsoft does not view the issue as a security threat.
According to Omri Misgav, security researcher at enSilo, the bug affects all Windows operating systems from Windows 2000 to Windows 10. Specifically, the flaw pertains to a security mechanism called PsSetLoadImageNotifyRoutine, which provides notifications when PE image files are loaded in runtime to virtual memory space.Read more
Hackers are calling MPs and trying to trick them into revealing their personal parliamentary details. Politicians and aides have been warned that hackers are posing as parliamentary officials asking for their passwords.
The warning comes after Parliament suffered its biggest ever cyber attack as hackers launched a "sustained and determined" attempt to break into emails. Parliament was forced to lock MPs out of their accounts. Parliamentary officials have said that hackers are still attempting to gain access. The message sent to MPs and staff warned: "This afternoon we've heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.Read more
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft warned on Tuesday.
What are Azure AD and Azure AD Connect? Microsoft Azure AD (Active Directory) is often used by enterprises to provide employees and business partners single sign-on access to cloud SaaS Applications (e.g. Office365, DropBox, etc.). It can also be integrated with an organization’s existing Windows Server Active Directory, so that they can use existing on-premises identity solutions to manage access to cloud based SaaS applications.Read more
The major premise justifying Windows 10 S, the new variant of Windows 10 that can only install and run applications from the Windows Store, is that by enforcing such a restriction, Windows 10 S can offer greater robustness and consistency than regular Windows.
For example, apps from the Windows Store can't include unwanted malicious software within their installers, eliminating the bundled spyware that has been a regular part of the Windows software ecosystem. If Windows 10 S can indeed provide much stronger protection against bad actors then its restrictions represent a reasonable trade-off.Read more
A portion of Microsoft’s Windows 10 source code has leaked online. Files related to Microsoft’s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive.
Beta Archive is a site that tracks Windows releases, and asks members to donate money or contribute something Windows-related if they access a free private FTP full of archived Windows builds. The leaked code was published to Beta Archive’s FTP, and is part of Microsoft's Shared Source Kit. “Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners,” reveals a Microsoft spokesperson.Read more
Microsoft-owned Skype is suffering widespread borkage that has left many unable to access the service. Problems first began on Monday, with Skype admitting that its users had been plagued by connectivity problems. "We are aware of an incident where users will either lose connectivity to the application and may be unable to send or receive messages," it said.
"Some users will be unable to see a black bar that indicates them that a group call is ongoing, and longer delays in adding users to their buddy list." Despite claiming at around 1.45am UK time that the connectivity issues had been resolved, problems are continuing into Tuesday.Read more