Announcing the Windows Bounty Program

Microsoft has announced the Windows Bounty Program for computer security professionals (or those that enjoy looking for security vulnerabilities). The target areas are the Windows Insider slow builds of Windows 10, Hyper-V, Microsoft Edge, Windows Defender Application Guard and the mitigation bypass and bounty for defense. The payouts for finding an exploitable vulnerability range from $500 – $250,000.

The overall program highlights:

  • Any critical or important class remote code execution, elevation of privilege, or design flaw that compromises a customer’s privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
  • Bounty payouts will range from $500 USD to $250,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for an RCE in Edge, $25,000 for an RCE in Hyper-V)
  • All security bugs are important to us and we request you report all security bugs via the Coordinated Vulnerability Disclosure (CVD) policy
  • For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog

Critical Flaws in Windows NTLM Protocol

This Patch Tuesday from Microsoft includes patches for vulnerabilities that affect every Windows OS released since 2007. Swati Khandelwal has a post about the new vulnerabilities and how they could be exploited. Make sure you run Windows Update to grab the latest updates and protect yourself from these vulnerabilities.

Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain.

NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems.

Although NTLM was replaced in Windows 2000 by Kerberos, which adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be used widely.


Microsoft Security Essentials 2.0 Released

After several betas, Microsoft’s updated free antivirus suite has been released. It has several new additions that help to increase the security of your Windows machine. Note that there are a couple of caveats if you are using Windows XP, most notably that the Network Inspection System requires Vista or Windows 7.

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.


Tracking Protection Added To IE9

More privacy is being added to Internet Explorer 9. Many advertisers collect data from your computer to personalize their advertising. That in itself is a little sketchy, but other sites use this data for other purposes. Kudos to Microsoft for helping to protect our privacy and keeping an eye on security.

Microsoft has announced the addition of Tracking Protection to their new Internet Explorer 9 web browser. The feature consists of two options that allow users to have more control over which (if any) websites are allowed to request data from the user’s browser and computer.


Internet Explorer “Protected Mode” Can Be Bypassed

The Protected Mode in the later versions of Internet Explorer has been proven to be not as “Protected” as previously thought. While this is a security hole, exposure can be reduced by limiting what is trusted in the Local Intranet Zone.

Researchers from Verizon Business have now described a way of bypassing Protected Mode in IE 7 and 8 in order to gain access to user accounts. The technique requires a vulnerability that allows the execution of malicious code in the browser or in a browser extension. Although the malware will initially only run in the browser’s Low Integrity Mode, it can start a web server on the computer that will respond to requests on any port of the loopback interface. By calling the IELaunchURL() function, an attacker can instruct IE to load a URL from this web server, for instance “http://localhost/exploit.html”. Localhost is generally part of IE’s Local Intranet Zone and, by default, Protected Mode is disabled for content from this zone.


New Unpatched Kernel Bug

A new bug that opens UAC to attackers has been disclosed to the public. In itself it isn’t a threat, but combined with a second piece of malware it can cause a lot of damage. UAC was designed to block silent malware installs; this bug leaves a big hole through which malware can execute without a UAC prompt.

“Microsoft is aware of the public posting of details of an elevation of privilege vulnerability that may reside in the Windows kernel,” said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail. “We will continue to investigate the issue and, when done, we will take appropriate action.”

The bug is in the “win32k.sys” file, a part of the kernel, and exists in all versions of Windows, including XP, Vista, Server 2003, Windows 7 and Server 2008, said Sophos researcher Chet Wisniewski in a Thursday blog post.


First x64 Rootkit in Wild

The TDL3 rootkit was labeled “the most advanced rootkit ever seen in the wild” several months ago. That in itself was bad news. Now, an x64 variant of the rootkit has been found in the wild. Make sure to keep your anti-virus updated, and don’t go to sites that normally drop these kinds of attacks.

The dropper is being distributed by the usual crack and porn websites, but we soon expect to see it dropped by exploit kits too, as happened with current TDL3 infections.


Microsoft Addresses Zeus Malware in Latest Update

Microsoft has updated their Malicious Software Removal Tool to detect the Zeus malware. This comes two weeks after law enforcement officials broke up the gang responsible for the infections.

On Tuesday, Microsoft started detecting Zeus with its Malicious Software Removal Tool (MSRT) — a widely used virus removal program that’s free for Windows users. That should make it harder for the many criminals who use Zeus to keep running their software on computers that don’t have antivirus software installed — often an easy target up until now.


Hide Computer in Network Browser

Sometimes you are on a local area network and want to hide your computer from the prying eyes of others on the LAN. Here is a quick command line tip to do just that.

1. Open a command prompt (Start, type CMD and press enter).

2. To hide your computer from the Network Neighborhood or Network browser, type net config server /hidden:yes.

3. To un-hide your computer, just type net config server /hidden:no.
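The procedure above as a script, as an added example that is not part of the original post: it runs the same net config server command the post gives, then verifies the result both from the command’s own output and from the LanmanServer registry value that the flag persists to. Function names are my own; the regex assumes English-language net output.

```powershell
# Added example (not from the original post). Toggles the Server service's
# "hidden" flag with "net config server /hidden:yes|no" and verifies it.
# Must be run from an elevated prompt, as the post's manual steps require.

function Set-ServerHidden {
    param([Parameter(Mandatory)][bool]$Hidden)
    $flag = if ($Hidden) { 'yes' } else { 'no' }
    & net.exe config server "/hidden:$flag" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "net config server failed (exit code $LASTEXITCODE); run from an elevated prompt"
    }
}

function Get-ServerHidden {
    # Parse the "Server hidden   Yes/No" line from "net config server".
    # Assumption: English-language Windows output.
    $line = (& net.exe config server) |
        Where-Object { $_ -match 'Server hidden' } |
        Select-Object -First 1
    if ($line -match 'Server hidden\s+(Yes|No)') {
        return ($Matches[1] -eq 'Yes')
    }
    throw 'Could not find "Server hidden" in net config server output'
}

function Get-ServerHiddenRegistry {
    # The command stores the setting as the DWORD "Hidden" (1 = hidden)
    # under the LanmanServer parameters key; a missing value means not hidden.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = (Get-ItemProperty -Path $key -Name Hidden -ErrorAction SilentlyContinue).Hidden
    return ($value -eq 1)
}

# Usage (elevated): hide, report both views, then restore visibility.
Set-ServerHidden -Hidden $true
"net reports hidden: $(Get-ServerHidden); registry Hidden=1: $(Get-ServerHiddenRegistry)"
Set-ServerHidden -Hidden $false
"net reports hidden: $(Get-ServerHidden); registry Hidden=1: $(Get-ServerHiddenRegistry)"
```

The registry check is the one to trust immediately after a change: the browse list is rebuilt on the Computer Browser’s announcement cycle, so other machines may keep showing the host for a while. Hiding only removes the machine from the browse list; anyone who already knows its name or IP address can still connect to it, so this is a privacy tweak, not an access control.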


Why Do I Keep Getting a 0x80240029 Error with Windows Defender

A Windows Defender 0x80240029 error says that “Windows Defender cannot download updates”. Here is a solution that may work for you:

1. Open Windows Update by going to Start | All Programs | Windows Update.

2. In the left hand pane click on “Change Settings”.

3. Turn off Automatic Updates and uncheck “Check for Updates”.

4. Now, click “Check for Updates”. It should find some updates, as well as the Windows Defender update.
