Microsoft has issued a temporary fix for a high-profile Internet Explorer 8 vulnerability. This is the bug linked to recent targeted attacks against web pages accessed by nuclear weapons research teams at the US Department of Labor website. The Fix It, released late on Wednesday, is designed to offer a temporary block against …

Microsoft has beefed up one of its anti-exploit tools with technology from a $200K contest finalist. Technology from a BlueHat Prize finalist Ivan Fratric, designed to mitigate attacks that leverage Return Oriented Programming (ROP), has already been incorporated into Redmond's Enhanced Mitigation Experience Toolkit (EMET) 3.5 …

Microsoft released 13 security bulletins addressing 19 vulnerabilities overnight, as part of a bumper final Patch Tuesday of the year. Highlight of the baker's dozen is a patch for the the zero-day vulnerability exploited by Duqu (sibling of Stuxnet) worm back in October. Fixing the underlying flaw exploited by Duqu involves …

Microsoft has disabled the search results on its Security Centre after malware-spreaders abused the function to promote shady pornographic websites serving Trojans as well as cheap thrills. Only the Security Section of Microsoft's website was affected by the search-engine poisoning attack. Such attacks are often used to place …

The zombie machines which formerly powered the infamous Rustock botnet are down to half their original number, according to Microsoft. Redmond ran a successful takedown operation back in March that effectively knocked out Rustock's command and control nodes. That meant that infected PCs were no longer being sent spam templates …

Microsoft plans to release two updates – one critical – as part of the next edition of its Patch Tuesday security bulletin cycle on 11 January. The critical vulnerability affects all supported versions of Windows (including Windows 7 and 2008R2) while the less serious fix is particular to a flaw that's restricted to Windows …

Microsoft has withdrawn a recently issued patch for Outlook 2007 following the emergence of conflicts with third-part email accounts. Users who installed the Outlook update (KB2412171), which was published on 14 December, also complained of problems and general sluggishness in moving between email folders or following Calendar …

Microsoft is investigating reports of a new bug in Internet Explorer. Redmond's Security Response Team (MSRT) said on Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details. Circumstantial evidence suggests Microsoft is referring to a …

Updated Security researchers irked by how Microsoft responded to Google engineer Tavis Ormany's public disclosure of a zero-day Windows XP Help Center security bug have banded together to form a group called the Microsoft Spurned Researcher Collective*. The group is forming a "union" in the belief that together they will be better …

Microsoft is preparing its biggest ever Patch Tuesday update for next week. The bumper batch of 13 bulletins collectively address 34 security flaws across a wide spectrum of Microsoft products. Eight of the baker's dozen bulletins earn the dread classification of critical, Microsoft's highest severity rating. Two of these …

Windows Vista may be Microsoft's most secure operating system to date, but researchers are still finding some glaring loopholes for hackers to exploit. Here is the latest: all you need is a Vista Install DVD to get admin level access to a hard drive. The loophole arises because the Command Prompt tool in Vista's System …

Security researchers have found a way to subvert the load-up procedure for Windows Vista and bypass its code-signing security checks. Indian researchers Nitin and Vipin Kumar of NV labs have developed a tool called VBoot kit, a custom boot sector loader, which launches from a CD. Once loaded, the tool allows hackers to make …