Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations and it will sometimes cause processes to hang or become unresponsive from […]
Tag Archives: Microsoft
Threatpost News Wrap, November 14, 2014
Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it’s ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn’t addressed it.
Microsoft Considering Public-Key Pinning for Internet Explorer
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]
Microsoft discovers vulnerability in all versions of Windows – patch available
Microsoft has uncovered a flaw in all supported versions of Microsoft Windows that could allow hundreds of millions of computers to be taken over by a remote attacker, International Business Times reports.
The post Microsoft discovers vulnerability in all versions of Windows – patch available appeared first on We Live Security.
Microsoft Schannel Bug Latest in Long Line of Serious Crypto Flaws
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months. Secure Channel, also known as Schannel, is a technology that’s used in Windows to implement SSL and TLS, the main secure […]
Microsoft Plans to Disable SSLv3 in IE, All Online Services
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into sharper focus earlier […]
Microsoft Warns of Crowti Ransomware
Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims’ machines and then asks for payment to unlock them.
Dyreza Banker Trojan Attackers Exploiting CVE-2014-4114 Windows Flaw
The Dyreza Trojan is nothing if not ambitious. The malware has been spotted doing a variety of interesting things in the last year, including bypassing SSL and targeting users of specific business apps. Now the Trojan is exploiting the recently disclosed CVE-2014-4114 vulnerability in Windows that was first used by the Sandworm attackers. Researchers at […]
Researcher Finds Tor Exit Node Adding Malware to Binaries
A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan […]
Attackers Exploiting Windows OLE Zero Day Vulnerability
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution is a targeted user opens a rigged Office file. Microsoft is warning customers that there is no patch available […]