October 07, 2009 by
Jason
Confronted with increasingly bulletproofed Windows operating systems, the threat environment shifted toward targeting vulnerabilities in the code designed to run on top of the platform. With security enhancements such as User Account Control, Address Space Layout Randomization, Kernel Patch Protection and driver signing, but also with the new development methodology set in place via the Microsoft Security Development Lifecycle, vulnerabilities in Windows Vista and its successor Windows 7 have become harder to exploit, in the eventuality that attackers do come across critical security holes.
The biggest advantage in terms of security Vista and Windows 7 have over precursor Windows clients is the Security Development Lifecycle. And with the threat environment changing focus onto third-party Windows applications, Microsoft is ready to share the SDL secrets with third-party developers. An illustrative example in this regard is the Microsoft Security Development Lifecycle (SDL): Developer Starter Kit.
“The Microsoft SDL – Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices,” Microsoft revealed.
Read More»
Posted in Windows 7 | No Comments »
Microsoft Corp. confirmed today that Windows, including Vista, contains a critical unpatched vulnerability that can be used by attackers to usurp PCs when users surf to malicious sites.
In a security advisory posted this morning, Microsoft’s Security Response (MSRC) team acknowledged a bug in Windows’ animated cursor, a component that lets developers show a short animation at the mouse pointer’s location. Animated cursor files typically use the .ani extension, but the MSRC warned that hackers might disguise malicious animated cursors with other extensions. The SANS Institute, in fact, said it had received reports of in-the-wild exploits using files renamed to .jpg. Read More»
Posted in Software, Windows Vista | No Comments »
February 27, 2007 by
Jason Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista, the company said Monday. The vulnerabilities aren’t considered high-risk, yet they affect the latest releases of Microsoft’s Web browser and operating system software.
Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned. The French Security Incident Response Team said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks, scams that try to trick people into giving up sensitive information such as credit card data and Social Security numbers. Read More»
Posted in Software, Windows Vista | 5 Comments »
Loading ...
