user protection

In an unsettling development for Windows users everywhere, Microsoft has found itself embroiled in yet another cybersecurity crisis. This recent episode centers around a sextortion scam that utilizes the company’s own infrastructure, with scammers deploying emails that appear to originate from...

In a significant move to enhance data security, Microsoft has announced that it will automatically enable BitLocker device encryption on all Windows 11 computers starting with the upcoming 24H2 update, set for release in late September 2024. This new policy reflects a growing emphasis on...

Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a...

We are happy to introduce support for Content Security Policy Level 2 (CSP2) in Microsoft Edge, another step in our ongoing commitment to make Microsoft Edge the safest and most secure browser for our customers. CSP2, when used correctly, is an effective defense-in-depth mechanism against cross...

This was seriously a treat for me. I had the privilege of spending time with the venerable Dave Probert who has been working on the Windows kernel for a long time. We discussed an interesting security issue which had up to this point never occurred to me - how do we protect ourselves from kernel...

Revision Note: V1.0 (July 14, 2015): Summary: Microsoft is announcing the availability of an update to harden scenarios in which Data Encryption Standard (DES) encryption keys are used with accounts. Microsoft disabled DES by default starting in Windows 7 and Windows Server 2008 R2. However...

Microsoft has released a Security Update to address a vulnerability in Internet Explorer 7, 8 and 9 on Windows XP, Vista and 7 Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution Microsoft Security Advisory (2757760): Vulnerability in Internet...

Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this...

Severity Rating: Important Revision Note: V1.1 (March 14, 2012): Removed erroneous installation switch option descriptions from the Security Update Deployment tables for all supported releases. This is an informational change only. There were no changes to the detection logic or the...

Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm. Users of Vista and later...

Severity Rating: Moderate - Revision Note: V1.0 (August 9, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a...

IDG News Service - Web mail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier this week by Google, according to security software vendor Trend Micro. Trend Micro described two similar attacks against Yahoo Mail and Windows Live Hotmail...

How Internet Explorer 9 caused a seismic shift in the way people use the web Link Removed - Invalid URL IE9 is surely a seismic shift in the way people use the web and is far better than its previous versions. Its safety and security features can be gauged from the fact that the...

Hello - Today we're releasing Link Removed due to 404 Error, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the...

In November 2010, Microsoft released the first Security Bulletin (Link Removed due to 404 Error) against an Office 2010 component, in this case Microsoft Word. Approximately 6 months had elapsed since Office 2010 launched in May and while it's good for such a widely used product to be available...

Sorry this is from back on March 19, 2010, but I stumbled across it and thought it was worth posting. Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by...