#windows-security

#cybersecurity

Microsoft to host security summit after CrowdStrike disaster

Microsoft is enhancing Windows security measures following a major outage caused by a third-party software update.
The company is convening a summit with cybersecurity experts to address these challenges.

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft's September 2024 Patch Tuesday update addresses 79 vulnerabilities, including three actively exploited flaws requiring immediate attention to security protocols.

Microsoft is building new Windows security features to prevent another CrowdStrike

Microsoft plans to help security vendors operate outside of the Windows kernel to improve system resilience and security.
The changes are a response to the CrowdStrike incident that affected 8.5 million systems.

Micropatchers share fix for NTLM hash leak flaw in Windows

An unpatched NTLM vulnerability in Windows can allow attackers to steal users' account credentials via a maliciously crafted file.

Microsoft aims for better Windows security

Microsoft reiterates that security remains a top priority through its initiatives, especially after past cybersecurity incidents.

Microsoft will host a security conference after the CrowdStrike shutdown

Microsoft's conference aims to address security vulnerabilities following the CrowdStrike outage, proposing new practices and technologies to enhance system stability.

Microsoft to tighten Windows security dramatically in 2025 - here's how

The CrowdStrike incident exposed critical flaws in Windows, prompting significant updates to security protocols and recovery features.
Microsoft's new cooperative initiative with endpoint security vendors aims to prevent future system meltdowns through safer deployment practices.
#microsoft

Windows: Insecure by design

Microsoft's security flaws have persisted since the 1990s, with recent high-severity vulnerabilities like CVE-2024-30080 and CVE-2024-30078 raising concerns.

Windows Themes 0-day opens door to NTLM credential theft

Windows Themes spoofing bug allows NTLM credential theft; Acros Security's 0patch offers a free fix while Microsoft remains silent on a timeline for an official patch.

Understanding VBS Enclaves, Windows' new security technology

Microsoft enhances security through VBS Enclaves, using trusted execution environments to isolate critical processes and protect data from malware.

Microsoft beefs up Windows security with new recovery and patching features | TechCrunch

Microsoft is implementing new security features in Windows to prevent incidents like the CrowdStrike outage.
Updates like Quick Machine Recovery and Administrator Protection aim to improve system resilience.

For November, Patch Tuesday includes three Windows zero-day fixes

Consistent testing following Patch Tuesday is critical to ensure application compatibility and security across Windows platforms.

PoC code released for zero-click Windows critical vuln

Windows users must install the latest patches swiftly to protect against CVE-2024-38063, a critical vulnerability that allows remote code execution.
#vulnerabilities

Windows patches can be forcibly reversed, reopening bugs

Black Hat Techniques demonstrated how security patches on Windows machines can be forcibly removed to exploit fixed vulnerabilities again.

Researcher finds a way to invisibly reverse Windows updates

A Windows downgrade attack leveraging the Windows update process exposes vulnerabilities in key Windows components, allowing manipulation with high impact and difficulty of detection.

Bad apps bypass Windows alerts for six years using LNK files

Attackers can bypass Windows SmartScreen and Smart App Control using the 'LNK Stomping' technique, nullifying MotW and enabling the execution of malicious apps.

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

Google Chrome introduces app-bound encryption on Windows for added data protection.

Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2

Escalating privileges through file deletion and symbolic link creation in ESET Smart Security's ekrn.exe service.