Microsoft has announced the Windows Bounty Program for computer security professionals (or anyone who enjoys looking for security vulnerabilities). The target areas are the Windows Insider slow builds of Windows 10, Hyper-V, Microsoft Edge, Windows Defender Application Guard, and the mitigation bypass and bounty for defense. The payouts for finding an exploitable vulnerability range from $500 to $250,000.
The overall program highlights:
Any critical or important class remote code execution, elevation of privilege, or design flaw that compromises a customer’s privacy and security will receive a bounty
The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
Bounty payouts will range from $500 USD to $250,000 USD
If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for an RCE in Edge, $25,000 for an RCE in Hyper-V)
This Patch Tuesday from Microsoft includes patches for Windows that affect all Windows OSes released since 2007. Swati Khandelwal has a post about the new vulnerabilities and how they could be exploited. Make sure you run Windows Update to grab the latest updates and protect yourself from these vulnerabilities.
Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain.
NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems.
Although NTLM was replaced in Windows 2000 by Kerberos, which adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be widely used.
After several betas, Microsoft’s updated free antivirus suite has been released. It has several new additions that help increase the security of your Windows machine. Note that there are a couple of caveats when using Windows XP, most notably that the Network Inspection System requires Vista or 7.
Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.
Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.
More privacy is being added to Internet Explorer 9. Many advertisers out there like to pull data from your computer in order to target advertising more personally. That in itself is a little sketchy, but other sites use this data for other purposes as well. Kudos to Microsoft for helping protect our privacy and keeping an eye on security.
Microsoft has announced the addition of Tracking Protection to their new Internet Explorer 9 web browser. The feature consists of two options that give users more control over which websites (if any) are allowed to request data from the user’s browser and computer.
Researchers from Verizon Business have now described a way of bypassing Protected Mode in IE 7 and 8 in order to gain access to user accounts. The technique requires a vulnerability that allows the execution of malicious code in the browser or in a browser extension. Although the malware will initially only run in the browser’s Low Integrity Mode, it can start a web server on the computer that will respond to requests on any port of the loopback interface. By calling the IELaunchURL() function, an attacker can instruct IE to load a URL from this web server, for instance “http://localhost/exploit.html”. Localhost is generally part of IE’s Local Intranet Zone and, by default, Protected Mode is disabled for content from this zone.
A new bug that opens UAC to attackers has been unveiled to the public. While it isn’t a threat in itself, combined with a second piece of malware it can cause a lot of damage. UAC was designed to block malware from installing silently; this bug leaves a big hole through which malware can execute without a UAC prompt.
“Microsoft is aware of the public posting of details of an elevation of privilege vulnerability that may reside in the Windows kernel,” said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail. “We will continue to investigate the issue and, when done, we will take appropriate action.”
The bug is in the “win32k.sys” file, a part of the kernel, and exists in all versions of Windows, including XP, Vista, Server 2003, Windows 7 and Server 2008, said Sophos researcher Chet Wisniewski in a Thursday blog post.
The TDL3 rootkit was labeled “the most advanced rootkit ever seen in the wild” several months ago. That in itself was bad news. Now an x64 variant of the rootkit has been found in the wild. Make sure to keep your anti-virus updated, and don’t go to sites that normally drop these kinds of attacks.
The dropper is being distributed by the usual crack and porn websites, but we soon expect to see it dropped by exploit kits too, as happened with current TDL3 infections.
On Tuesday, Microsoft started detecting Zeus with its Malicious Software Removal Tool (MSRT) — a widely used virus removal program that’s free for Windows users. That should make it harder for the many criminals who use Zeus to keep running their software on computers that don’t have antivirus software installed — often an easy target up until now.