Security Watch

Microsoft Plays Catch-Up to Hackers

Microsoft issued an "important" out-of-band patch in of September but only made it available for manual download from its security site. The patch resolves a publicly disclosed vulnerability in ASP.NET that could allow for information disclosure, but in a rare occurrence Microsoft released the patch without undergoing its standard testing program for new patches.

Microsoft eventually released the automatic update last Thursday and revealed that it held back its automatic rollout because it had evidence the flaw was being actively exploited by hackers.

This move signals more than anything else Microsoft's concession that it won't be able to move at the speed of hacking but that it believes some patch is better than no patch.

Symantec Transfixed on Stuxnet
Symantec has released a comprehensive study on the W32.Stuxnet worm that has plagued some Windows systems recently. The "W32.Stuxnet Dossier" white paper was presented at the Virus Bulletin 2010 Conference and its findings in PDF format can be downloaded here.

The company's investigation into Stuxnet started June 17 when the Symantec team began a journey of what it calls "surprises, wrong turns, frustrating moments, and moments of validation.

The Stuxnet worm is more than a year old but first appeared in earnest in early April, playing mischief on an enterprise system in The Netherlands. It was mainly transmitted through a USB flash drive.

Symantec staffers and other security experts and gadflies who attended Virus Bulletin 2010 hope this white paper will circulate and serve as a cautionary tale.

Microsoft Investigates Twitter Bug
Redmond said it has "completed its investigation" into the Cross-Site Scripting related security issue publicly disclosed earlier this month.

An information disclosure threat in Microsoft's Internet Explorer has its roots in a "Twitter-rolling" attack, which is the result of the way the browser parses cascading style sheets. Microsoft so far has not specified which browsers might be affected by the bug.

Nevertheless, Microsoft said in a statement that it will take "appropriate action to resolve the vulnerability and will communicate to customers as necessary."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Azure Cost Management Now Commercially Available for Some Tenancies

    Microsoft on Monday announced that its Azure Cost Management feature had reached the "general availability" release stage for both Azure "pay-as-you-go" customers and Azure Government tenancies.

  • Microsoft Bringing Files Restore Capability to SharePoint Online and Teams

    Microsoft on Monday announced that it's delivering its Files Restore feature for SharePoint Online and Microsoft Teams to Office 365 tenancies as early as this month.

  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.