Microsoft on Friday warned users that a critical bug in ASP.Net could be exploited by attackers to hijack encrypted Web sessions and pilfer usernames and passwords from Web sites.
The vulnerability went public that same day when a pair of researchers outlined the bug and attack techniques at the Ekoparty Security Conference in Buenos Aires.
Within just a couple of weeks of the third technology preview provided by Microsoft, the company has made the first beta of its new Internet Explorer 9 (IE9) web browser available to the general public today.
FOR INSECURITY PATCH FANS your time has come with the release of Microsoft's IE9 beta with its updated user interface that will be seen in the full blown IE9.
All the hackers out there can download IE9, start hacking away at it from tonight and do their best to ruin its alleged greater performance, improved reliability and enhanced security. IE9 takes advantage of hardware acceleration to boost web performance, including making use of multi-core processors and using a PC's GPU to accelerate graphics rendering.
Microsoft today delivered nine security updates to patch 11 bugs in Office, the IIS Web server and Windows, including one that was overlooked but exploited by a July worm.
"Our old friend Stuxnet is back," said Jason Miller, data and security team manager for patch-management vendor Shavlik Technologies, referring to a worm that popped up two months as it attacked Windows computers used to manage industrial control systems in major manufacturing and utility companies.
Microsoft is pushing its new Enhanced Mitigation Experience Toolkit (EMET) as a temporary mitigation for the ongoing attacks against a zero-day vulnerability in Adobe’s PDF Reader/Acrobat products.
The EMET utility, which effectively backports anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows, would force the relocation of non ASLR-aware DLLs in Adobe’s products.
Microsoft is working on a new physical-to-virtual (P2V) tool for helping customers move legacy applications to Windows 7 using virtualization technology.
The latest migration tool in Microsoft’s arsenal — “P2V Migration for Software Assurance” — is a combination of the Microsoft Deployment Toolkit (MDT) and the company’s Sysinternals Disk2 VHD product. Microsoft is currently beta testing the migration toolkit offering.
It was late one afternoon in January when a squad of plainclothes police officers arrived at the headquarters of a prominent environmental group here. They brushed past the staff with barely a word and instead set upon the computers before carting them away. Taken were files that chronicled a generation’s worth of efforts to protect the Siberian wilderness.
Recent Microsoft and Intel primers on Internet Explorer 9's accelerated graphics point to snappier Web browsing.
Microsoft has given its standard breakdown of the security updates coming next week. As usual there are no specific details of what they fix, but the numbers suggest at least some fixes for the dynamic link library issues in individual applications.
The company has listed nine bulletins (four “critical”, five “important”) for 13 vulnerabilities, which automatically stands out being that most months the figure is much higher or lower.
Microsoft plans to release nine patches for security holes in a handful of its products when it ships its September security fixes on Tuesday, the company said.
