security

A new security flaw in Microsoft's very popular Windows 7 operating system (OS) could open users up to a remote code execution and denial-of-service attack, Microsoft said in a security advisory on Tuesday evening. The vulnerability affects only ... 64-bit versions of Windows Server 2008 R2 and Windows 7. The flaw affects the Canonical Display Driver, or CDD.DLL, used in the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability is tied to the graphics system's desktop composition process. (Source: zdnet.com ) Microsoft: Remote Code Attack "Unlikely" Luckily, it ... (view more)

A group of security researchers say they've found a workaround for just about every antivirus product on the market today, effectively making Windows-based security programs totally useless. Security research site Matousec.com recently issued an ... advisory for a process that allows malware to evade security detection. Note that this doesn't just apply to Microsoft's free Security Essentials software or other freeware antivirus products, but also targets full software packages from industry leaders like Norton, BitDefender and McAfee. Matousec's Morphing Malware According to reports, Matousec. ... (view more)

Just five weeks after it was forced to release an emergency patch for a zero-day flaw in Internet Explorer (IE), Microsoft may again have to consider yet another out-of-schedule fix for an unaddressed problem with its software. In the meantime, the ... upcoming May Patch Tuesday (due next week) addresses just two "critical" issues. Microsoft typically releases a batch of fixes for various software issues and security threats affecting its products on the second Tuesday of every month. In past months, the number of fixes offered have ranged from high to low: in March, the number of vulnerabilities ... (view more)

For most of us, opening a PDF (portable document file) means we're forced to use Adobe Reader, the most prominent application associated with viewing PDF files. Unfortunately, programs like Adobe Reader are often targeted by hackers, and one ... security expert believes Microsoft should offer an alternative for its users. According to Sean Sullivan, security advisor for Finland's antivirus firm F-Secure, Microsoft's competition has already beaten them to the idea. "Apple does this with its Preview [application], and Microsoft should, too," Sullivan said. (Source: computerworld.com ) Security ... (view more)

McAfee is facing a major backlash in sales this morning after a buggy security update left many customers' computers effectively unusable. Worst still, some analysts are predicting that an automated solution may not be possible. As we reported ... yesterday , the problem is the result of a recent McAfee antivirus update gone awry, which then caused the antivirus program to identify legitimate Windows files as being virus infected. The end result was that the legitimate Windows files were sent to a quarantine, resulting in thousands (if not hundreds of thousands) of crashes PCs. The problem ... (view more)

Microsoft has announced that it will no longer provide support for the first retail version of Windows Vista, which was released to manufacturers (RTM). The move is intended to force early adopters of Windows Vista to upgrade their systems using at ... least Vista Service Pack 1 or 2. Microsoft made the announcement on Vista RTM Tuesday. According to a spokesperson for the Redmond-based firm, "Today, Windows Vista RTM has reached end of support... End of support means that customers can no longer receive support benefits from Microsoft and will need to upgrade to a supported service pack (Windows ... (view more)

This month's security updates from Microsoft will cover every currently supported edition of Windows. That means home users should check carefully if they don't have automatic updates switched on, while businesses will need to plan how they will ... apply the patches. As happens on the second Tuesday of every month, Microsoft will release its Patch Tuesday security fix for issues affecting the Windows operating system (OS). This month, though, there was an exception: an emergency patch released on March 30th for a serious security flaw in Internet Explorer versions 6 and 7. At the time, several ... (view more)

Cybercrime is often likened to a never-ending cycle: just when a security company believes they have found a way to combat one malware-installation method, hackers come along and find a new ways to attack a computer. Thus, it should come as little ... surprise that there is a new hack that attacks network card firmware: software specifically designed to control the network card. This innovative hacking technique (dubbed the "Jedi Packet Trick") works by sending infectious network packets to the network's firewall , which needs to be running a vulnerable network card. Once an infected packet is ... (view more)

Microsoft has officially released a patch addressing a widely-reported critical zero-day flaw in its Internet Explorer browser. The patch addresses not just one or two critical issues, but ten in total, leading security experts to emphasize the ... importance in having all Internet Explorer users upgrade to Internet Explorer 8. Yesterday's emergency patch release is special for Microsoft, which typically reserves the second Tuesday of every month for its monthly updates. However, since a critical zero-day flaw in Internet Explorer versions 6 and 7 eluded the last Patch Tuesday release, Microsoft ... (view more)

Two hackers took just two minutes to break into a PC running Windows 7 64-bit with Internet Explorer 8 at a security conference earlier this week. The ethical hacking took place at the CanSecWest security event in Vancouver, which hosts an annual ... contest named "Pwn2Own." The name is taken from an online corruption of "own" in two senses: whomever is first to take control of a system wins the relevant hardware, plus between $5,000 and $10,000 in cash. (Source: darkreading.com ) Windows 7 DEP and ASLR Hacked, Disabled In the contest, the hackers were not able to physically access the ... (view more)