Microsoft

The BlackHole kit, a popular exploit set among hackers, has been updated to take advantage of a recently discovered Java hole that security researchers say many haven't updated yet.

News site WinUnleaked.tk revealed that it had received a copy of a pre-release candidate version of Windows 8 over the weekend and offered up some tidbits of information about the build.

They also stated that the Release Candidate version was being targeted by Microsoft for a public release sometime in late May or early June and posted a few screenshots showing some interesting if somewhat minor features.

Even the billionaire co-founder of Microsoft isn't immune to identity theft, it seems.

A simple scheme to defraud Paul Allen, one of the richest men in the world, has landed an AWOL soldier in federal custody, authorities said this week. The case raises basic questions about how safe anyone's information can really be.

Marketing folks at Microsoft are in a bit of a pickle, after Microsoft's scheme to prove that Windows Phone software is faster than the competition has backfired.

Redmond cleared a marketing programme which claimed to award a $1000 laptop to anyone who could prove their iPhone or Android phone was quicker. The Smoked by Windows Phone campaign turned out to be a bit foggy when an Android user was shown to beat a Windows Phone and started to want recognition.

Microsoft has dealt a huge blow to cybercrime groups that have been using the Zeus malware program to carry out online fraud and identity theft.

Working with financial officials and security partners, Microsoft received court backing from a New York judge to carry out seizures of command and control servers running some of the worst known Zeus botnets.  

Researchers at Microsoft and Indiana University have uncovered some serious security flaws in Web-based single sign-on (SSO) services that could allow access to users accounts. Citing poor integration by website developers, the report states that a lack of end to end security checks is the main reason for the issue. 

Microsoft has begun probing its own security partner network to find out who, if anyone, leaked exploit code used in the Remote Desktop Protocol (RDP) vulnerability patched this week.

stratsec security researcher Sergei Shevchenko, has put together an indepth blog posting on the MS12-020 RDP vulnerability, showing that a mere 443 byte payload is all it would take to crash remote installations with a Blue Screen of Death. 

Shevchenko compared the updated system files including Rdpcore.dll and RdpWD.sys to determine the exact code changes made and found modifications of the function HandleAttachUserReq(). Using this information, he went on to construct a 443 byte payload using the original packet crash provided by Luigi Auriemma.  

The race is on to develop a working exploit for MS-12-020 - A serious vulnerability in Microsoft's Remote Desktop Protocol which was patched earlier this week.

The vulnerability affects all current versions of Windows (though the service is usually disabled by default and there are other methods of mitigating the risk). While Microsoft originally predicted that it would take approximately 30 days for an exploit to surface, it appears that the timeframe may be cut shorter. Much shorter. 

The US Department of Justice and US Federal Trade Commission should “think long and hard” before bringing antitrust cases against tech companies such as Google or Apple says Ronald Cass, former Vice Chairman of the US international Trade Commission.

His comments follow recent news reports that the DOJ is investigating Apple and five e-book publishers over pricing issues and the FTC is investigating Google over complaints that the search giant is using its dominance in the search space to unfairly drive consumers to use its other products.