Microsoft

(get it in RSS or Atom)

Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death

bsod-8-250

MS14-045, which fixes various security holes in the Windows kernel, can cause a BSoD and leave you stuck in a reboot loop.

Here's how to escape...

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

chet-chat-logo-featured-250

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

pt-250

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

Patch Tuesday wrap-up, July 2014 - Adobe fixes "Rosetta", plus a new risky file type on Windows...

pt-250

Patch Tuesday for July 2014 is just behind us in the case of Microsoft and Adobe, and just ahead of us in the case of Oracle.

Paul Ducklin tells you what you need to know...

Patch Tuesday for July 2014 - 6 bulletins, 2 RCEs, 3 EoPs and get ready to reboot

pt-2014-07-250

Here's what to expect from Microsoft in the July 2014 edition of Patch Tuesday, scheduled to ship on Tuesday 08 July 2014...

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

60ss-video-250

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

Microsoft takes down No-IP DNS domains in cybercrime fight - right or wrong? [POLL]

noip-250

Vote in our poll!

Was Microsoft's takeover of 23 of another company's domain names a justifiable step in dealing with cybercrime, or a disruptive step too far?

Microsoft stops Patch Tuesday emails, blames Canada, then does U-turn

Email ban. Image courtesy of Shutterstock

The decree mentions "changing governmental policies concerning the issuance of automated electronic messaging" - a head-scratcher that Microsoft spokespeople subsequently clarified by pointing to a new Canadian anti-spam law that takes effect today.

Google and Microsoft want to kill your phone if it's stolen. Do you feel safer?

Kill switch

The law enforcement group Secure Our Smartphones is claiming victory after Google and Microsoft announced they will add a "kill switch" to their mobile operating systems.

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

60ss-video-250

Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke?

Find out in one minute!

Patch Tuesday wrap-up, June 2014 - both Adobe and Microsoft close "remotable" holes

istock_patchtuesday250

Microsoft fixed 59 vulnerabilities in Internet Explorer alone this month.

Is that worryingly bad, or pleasingly good?

Paul Ducklin investigates what actually came down the chute in the June 2014 Patch Tuesday...

Patch Tuesday for June 2014 - 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole

pt-june-2104-250

You'll be patching and rebooting everything this month.

Paul Ducklin gives you a brief overview to help you prepare.

He also explains some vulnerability terminology you might not have heard before...

As one security hole closes, another one opens! 60 Sec Security [VIDEO]

How many years was that security hole in Linux ? How many security patches for XP? How many lock screen holes in iOS? How much do Google specs cost?

Find out in this week's 60 Second Security video...

SSCC 147 - Why Snapchat will have to tell you the truth about security now [PODCAST]

sscc-147-250

As usual, Chester Wisniewski and Paul Ducklin turn their insightful and entertaining gaze on the security lessons we can learn from the past few days.

Give it a listen - it's our weekly quarter-hour security podcast...

Patch Tuesday wrap-up, May 2014 - Adobe and Microsoft both patch multiple remotable holes

istock_patchtuesday250

Patch Tuesday updates from both Microsoft and Adobe are out.

There aren't any huge surprises this month, but both companies have critical patches for remote code execution holes...

Monday review - the hot 21 stories of the week

dow-250

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

SSCC 146 - Target, Microsoft, Dropbox and the mysterious "Webdriver Torso" [PODCAST]

sscc-146-thumb-250

Have a listen to the latest episode of our weekly security podcast.

Sophos security experts Chester Wisniewski and Paul Ducklin look at what we can learn from the latest news.

Monday review - the hot 17 stories of the week

dow-250

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Microsoft and Adobe have 0-days, AOL breached, and we win an award! 60 Sec Security [VIDEO]

2014-03-05-thumb-0250

Are two zero-days better than one? What happened to AOL's user database? And is that another award that Naked Security just won?

Find out in 60 Sec Security for 03 May 2014...

That was quick! Microsoft patches the "1776" hole in Internet Explorer

1776-250

The Internet Explorer zero-day bug that made the headlines a few days ago went by the nerdy name of CVE-2014-1776.

The good news? No need to wait until next Patch Tuesday for a fix - Microsoft has issued one already.