In a recent twist that has raised eyebrows amongst the tech community, Microsoft announced that users can now install Windows 11 on older hardware that technically doesn’t meet the required specifications. However, don’t start celebrating just yet—this option, while available, comes with a hefty...
If you’ve been connecting your critical infrastructure and automation systems to the internet, then you need to sit up and take notice. Recent advisories from the Cybersecurity and Infrastructure Security Agency (CISA) have highlighted some alarmingly severe vulnerabilities within the...
In a significant advisory release on October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) warned about severe vulnerabilities in the TEM Opera Plus FM Family Transmitter. The discovery has raised red flags for organizations using this equipment, especially in...
Original release date: October 17, 2019
Summary
On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates...
businesses
cloud services
compliance
cybersecurity
data confidentiality
data integrity
end of support
legacy systems
malware threats
mitigation plans
operating systems
riskassessment
security updates
software bugs
system resources
technical support
upgrade
windows 7
windows server
Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314 on April 14, 2015 SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds.
Summary: Microsoft is aware of detailed information...
Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence.
It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already...
Original release date: March 16, 2017
Systems Affected
All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected.
Overview
Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS...
Severity Rating: Important
Revision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker can manipulate files in locations not intended to be available to the user by exploiting this...
access control
bulletin
driver issues
exploit
file handling
important
manipulation
microsoft
ms16-138
patch
revision note
riskassessment
security
severity rating
technical info
update
virtual hard disk
vulnerability
windows
Severity Rating: Critical
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file...
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...
arbitrary code
august 2015
critical
cybersecurity
exploit
malware
microsoft
microsoft bulletin
ms15-081
office
patch
remote code execution
riskassessment
security
system security
update
user impact
user rights
vulnerability
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An...
administrative rights
attack vector
authenticated attack
critical
elevation of privilege
graphics component
july 2015
malware
microsoft
ms15-072
patch
privilege escalation
riskassessment
security
software update
system security
update
vulnerability
windows
Original release date: October 17, 2014
Systems Affected
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...
Revision Note: V1.0 (October 14, 2014): Advisory published
Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not...
HP is warning customers: Check your laptop charging cord to see if it's at risk of overheating.
Hewlett-Packard (HPQ, Tech30) and federal regulators on Tuesday recalled 6 million power cords sold between September 2010 and June 2012 with some HP and Compaq notebook computers, as well as certain...