Microsoft shared details of workarounds that Windows users can implement to protect themselves against exploits targeting a new zero-day vulnerability which allows attackers to steal information from users.

The company confirmed reports of the newly discovered Windows security hole, as well as the fact that both published information and proof-of-concept code made their way into the wild.

According to the software giant, the flaw resides in the MHTML (MIME Encapsulation of Aggregate HTML). Applications such as Internet Explorer leverage MHTML to interpret MIME-formatted requests for content blocks within certain documents that need to be rendered. More »

Microsoft has made available for download a new security tool designed to assess the attack surface of Windows operating systems.

As Windows platforms are being used, a variety of changes are introduced, more often than not, increasing the risk of attacks.

One scenario illustrative of this involves the installation of new software. Applications deployed on top of Windows manage not only to add extra functionality and capabilities that customers need, but also to introduce changes, some of which could represent security liabilities, or even be exploitable vulnerabilities.

This is why the Redmond company decided to share with the world an internal tool designed to catalog changes introduced to the Windows platform by new software being installed. More »