security

Microsoft has warned users that yet another critical vulnerability has been found in its popular Office spreadsheet program Excel. The flaw could allow remote hackers to open and run malicious code on an unsuspecting user's computer through an ... infected spreadsheet file. The attack effects users of Microsoft Office Excel 2007 but also those using any of the older binary .XLS files. A user opening a file, probably through an email, will be asked to open a malicious spreadsheet. They'll then begin downloading at least two files onto their system, one valid, the other the malicious binary. Once ... (view more)

Research teams at Microsoft are currently working on a new and improved browser that has the potential to be far more secure than the existing options. In the wake of financial problems, layoffs, and legal nightmares, Gazelle -- Microsoft's new ... browser-operating system hybrid -- could help the software company recover from its landslide in market shares . The Gazelle prototype, first unveiled in 2008 under the title "MashupOS" at the Microsoft TechFest Research Fair, incorporates the best of both browser and operating system characteristics in order to provide enhanced security features. ... (view more)

A reward of $250,000 has reportedly been offered by Microsoft to find who is behind the Downadup/Conficker virus. Since its inception last October, the Conficker worm has infected millions of computers worldwide. Microsoft is offering a cash reward ... because they view the Conficker as a criminal attack and believe the people responsible for writing it have to be held accountable. As noted by Sophos, Microsoft's reputation is badly shaken whenever a computer virus causes widespread problems for its users, so it's not surprising that they would offer a reward. (Source: sophos.co.uk ) George ... (view more)

A hole allowing hackers to take control of Microsoft Exchange was just one "critical" issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer ... browser, Office, and its SQL Server . Three of the eight vulnerabilities patched yesterday were marked "critical". The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be ... (view more)

Microsoft has agreed to tweak the User Account Control (UAC) system in Windows 7 to avoid an inherent security risk . During the production of Windows 7 , Microsoft decided to change the default UAC so that it no longer asks for confirmation when a ... user adjusts his or her Windows settings. Security experts suggest that these settings include UAC itself, meaning rogue software could turn this protection off completely without the user knowing. Microsoft argued that this was not a true vulnerability because one can only take advantage by getting the victim to run the rogue software; for example ... (view more)

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently. BeyondTrust Corp. (BTC), a ... software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk. The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could ... (view more)

Malware was on the rise last year, and 2009 doesn't look much better. Reports from two different security companies, AVG and F-secure, are painting an increasingly dangerous picture of our online world. F-secure, makers of real-time virus protection ... software, reports that detections of malware have tripled since 2007. Topping their list were botnets -- a network of infected computers, sometimes called zombies -- which can be remotely controlled by hackers without the knowledge of the computer's owner. There is no hard data on how many zombified computers are out there, but by F-secure's ... (view more)

A malicious Internet worm known as Conficker, Downadup, or Kido that spreads through low security networks, memory sticks and PCs without the latest security updates, is infecting machines by the millions. (Source: bbc.co.uk ) The worm was first ... discovered in October 2008 and a security patch by Microsoft was issued at that time. However, a recent, new strain of the worm was developed and has managed to infect an estimated 9 million machines with 1 million new infections per day. (Source: sfgate.com ) Microsoft says the worm works by searching for a windows executable file named "services.exe ... (view more)

Despite the efforts of the computer security industry, malicious software is reportedly spreading faster than ever and security researchers have acknowledged that they cannot seem to get ahead of the onslaught. Internet security is broken and it ... appears that nobody knows quite how to fix it. This so-called malware surreptitiously takes over a PC then uses it to spread more malware to other machines exponentially. (Source: informationweek.com ) A conservative estimate by the Organization for Security and Cooperation in Europe says that as more businesses and people move onto the Web, criminals ... (view more)

Microsoft has reached a deal with a leading security firm that could give corporate users the ability to tighten up their defenses. The benefits could even extend to Windows home users. The deal has been made with EMC Corporation, a firm which ... produces the data storage system used by many large organisations. Microsoft has signed a deal with EMC's security division to licence the forthcoming DLP suite, a package designed to prevent data loss. The package will be used in Microsoft's server products. It allows users to find and monitor data across one or more networks and control who is able to ... (view more)