Researchers have crafted a stealthy new way of bypassing Windows User Account Controls (UAC) that opens the door to attacks on targeted systems. According researchers, the bypass technique can fly under the radar of security solutions that monitor for this type of circumvention.
The final build of the Windows 10 Anniversary Update is build 14393. The update, which provides a range of new features and improvements, represents Microsoft's last big push to get Windows 7 and 8.1 users to upgrade to Windows 10.
Microsoft has patched a security vulnerability found in every supported version of Windows, which if exploited could allow an attacker to take over a system.
The software giant said in a bulletin posted Tuesday as part of its monthly release of security fixes that the the "critical" flaw could let an attacker remotely install malware, which can be used to modify or delete data, or create new accounts with full user rights.
The same bug that earned one researcher $50,000 from Microsoft also earned another researcher $100,000.
Tencent researcher Yang Yu, the finder of the so-called BadTunnel bug that Microsoft patched last month wasn’t the only one rewarded for reporting the issue. Moritz Jodeit, a researcher with German security firm, Blue Frost Security, picked up $100,000.
It's 2016, and Microsoft Office macros are still a viable infection vector: security outfit Avanan says it's spotted a week-long, large-scale malware attack against Office 365 users.
The campaign began on June 22, and Microsoft started blocking the malicious attachment on June 23.
Avanan says the attackers tried to send messages to 57 per cent of the organisations on its security platform using Office 365. Users were sent an Office document that invoked the malware via macros.