software security

After years of tinkering with various operating systems—from Linux distributions to the occasional MacBook—returning to Windows 11 can be both nostalgic and eye-opening. A recent How-To Geek article, I Went Back to Windows 11, These 5 Things Surprised Me, offers a candid look at the realities...

Let’s cut to the chase. Every time a new piece of software graces our hardware, there's an unspoken gamble. Will the shiny new application be tight on security, or will it blow the front door open to malicious hackers like leaving a Welcome mat out for a cyberattack? Well, to help clear up the...

If you’ve ever wondered how secure the software running critical infrastructure is—or more importantly, how well it’s understood by experts—CISA (Cybersecurity and Infrastructure Security Agency) has just sounded a loud and clear alarm on the issue. In collaboration with DARPA (the brains behind...

In a bold move to enhance software security and transparency, the Cybersecurity and Infrastructure Security Agency (CISA) recently rolled out guidance on establishing a Common Software Bill of Materials (SBOM). Released on October 15, 2024, this guide, created by CISA’s Software Bill of...

Understanding CVE-2024-38226: A Closer Look Introduction As software users increasingly grapple with the challenges of security, new vulnerabilities emerge that shake our confidence in widely-used applications. The latest to come to light is CVE-2024-38226, described as a security feature bypass...

Analysis of CVE-2024-38517: TenCent RapidJSON Elevation of Privilege Vulnerability Introduction CVE-2024-38517 is a recently disclosed vulnerability within the TenCent RapidJSON library. The identification of such vulnerabilities is critical for developers, system administrators, and users who...

In a digital age where operating systems rarely stay constant, news of a so-called "Windows 11 Government Edition" has sparked interest and concern among tech enthusiasts and average users alike. Stemming from a recent viral post on social media, this purported version of Windows 11 boasts a...

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows...

Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...

Severity Rating: Critical Revision Note: V1.0 (September 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file...

Severity Rating: Critical Revision Note: V1.0 (July 12, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...

A security issue has been identified in a Microsoft software product that could affect your system. Link Removed

Severity Rating: Critical Revision Note: V1.0 (January 12, 2016): Bulletin published. Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An...

Severity Rating: Critical Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft...

Severity Rating: Important Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to...

Severity Rating: Critical Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and Link Removed...

A security issue has been identified in a Microsoft software product that could affect your system. Link Removed

It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but...