In a bold move to enhance software security and transparency, the Cybersecurity and Infrastructure Security Agency (CISA) recently rolled out guidance on establishing a Common Software Bill of Materials (SBOM). Released on October 15, 2024, this guide, created by CISA’s Software Bill of...
Understanding CVE-2024-38226: A Closer Look
Introduction
As software users increasingly grapple with the challenges of security, new vulnerabilities emerge that shake our confidence in widely-used applications. The latest to come to light is CVE-2024-38226, described as a security feature bypass...
Analysis of CVE-2024-38517: TenCent RapidJSON Elevation of Privilege Vulnerability
Introduction
CVE-2024-38517 is a recently disclosed vulnerability within the TenCent RapidJSON library. The identification of such vulnerabilities is critical for developers, system administrators, and users who...
In a digital age where operating systems rarely stay constant, news of a so-called "Windows 11 Government Edition" has sparked interest and concern among tech enthusiasts and average users alike. Stemming from a recent viral post on social media, this purported version of Windows 11 boasts a...
Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...
application guard
bounty program
bug bounty
customer privacy
defensive technologies
hyper-v
insider preview
microsoft edge
mitigation
payments
payout range
remote code execution
research
security
security bugs
software security
vulnerabilities
windows 10
windows defender
windows server
Severity Rating: Critical
Revision Note: V1.0 (December 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows...
adobe
bulletin
critical
december 2016
flash player
ms16-154
patch
revision note
security
server 2012 r2
software security
supported editions
technet
update
vulnerabilities
windows 10
windows 8.1
windows rt 8.1
windows server 2012
Severity Rating: Critical
Revision Note: V1.0 (December 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...
administrative rights
attack
critical
cumulative update
data protection
december 2016
information security
internet explorer
microsoft
ms16-144
patch
remote code execution
security update
software security
system control
user account management
user rights
vulnerability
webpage exploit
Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file...
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...
Severity Rating: Critical
Revision Note: V1.0 (January 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An...
administrative rights
attack prevention
critical
cumulative update
data protection
internet safety
malware defense
microsoft
ms16-003
patch management
remote code execution
revision note
security update
software security
system control
user rights
vbscript
vulnerability
windows
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft...
administrative rights
august 2015
critical
cumulative update
cybersecurity
exploit
internet browser
microsoft edge
ms15-091
network security
patch
remote code execution
revision note
security update
software security
user rights
vulnerability
webpage security
windows update
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to...
bug fix
command line
exploitation
information disclosure
internet explorer
microsoft office
ms15-088
notepad
office updates
patch
powerpoint
revision note
risk mitigation
security
software security
software vulnerability
technical bulletin
update
vulnerability
windows
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...
Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer.
As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and Link Removed...
best practices
cybersecurity
internet explorer
it administration
july 2015
microsoft office
microsoft windows
msrc
patch management
response center
security updates
software security
sql server
technet
updates
vulnerability
It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but...
certificate trust
cryptography
cumulative updates
customer protection
deployment priority
digital certificates
internet explorer
june 2013
microsoft office
pki
remote code execution
security
security advisories
software security
trustworthy computing
update management
vulnerabilities
windows 7
windows updates
windows vista
I'm going to post this in an effort to help prevent individuals from getting a possible virus. I've known this for a while now, and the fact is, digital signatures may not all be legit. Therefore, not all are to be trusted.
It is possible to modify a file and append junk data to EOF of a file...
Resolves a vulnerability that could allow for the elevation of privilege on a computer that is running Windows XP, Windows Server 2003, Windows 7 or Windows Server 2008 R2.
computer security
elevation
fix
kerberos
microsoft
ms11-013
patch
privilege
security patch
software security
software update
system update
update
vulnerability
windows 7
windows server
windows server 2003
windows server 2008 r2
windows xp
Severity Rating: Important
Revision Note: V2.0 (March 13, 2012): Revised bulletin to announce a detection change that removes MS10-029 as the replaced bulletin for all supported editions of Windows Vista and Windows Server 2008. For more information, see the related entry in the...
arbitrary code
attack
bug fix
cybersecurity
detection change
elevation of privilege
microsoft
ms10-058
privileged access
security update
software security
system privileges
tcp/ip
update faq
vulnerabilities
windows server
windows vista