News

• Hotmail users angry over pulled photo feature

  Windows Live Hotmail users have been venting their frustration at Microsoft Corp. for the past month since the software maker suddenly removed a popular feature because it created a security hole.

• Microsoft knew of critical Office ActiveX bug in '07

  Three of the critical vulnerabilities Microsoft patched Tuesday in ActiveX controls for Office were first reported to the company two years ago, according to the security firm that alerted Microsoft of the flaws.

• Extra '&' in Microsoft development code gave hackers IE exploit

  Microsoft yesterday confirmed that a single superfluous character in its own development code is responsible for the bug that has let hackers exploit Internet Explorer (IE) since early July.

• Microsoft rushes patches to fix 'big deal' programming flaw

  As promised, Microsoft today patched six vulnerabilities in Internet Explorer (IE) and Visual Studio with the first "out-of-cycle" update since it plugged a hole last October that the Conficker worm later used to run rampant.

• Microsoft rushes to fix IE kill-bit bypass attack

  Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to bypass a critical security mechanism in the Internet Explorer browser.

• Mozilla quashes first critical bug in Firefox 3.5, beats Microsoft to patch punch

  Mozilla last week issued the first patch for Firefox 3.5, fixing a flaw that went public Monday. One noted contributor had called the flaw a "self-inflicted" vulnerability.

• Microsoft patches 9 bugs, leaves one open for hackers

  Microsoft today delivered six security updates that patch nine vulnerabilities, fixing two bugs already being used by hackers but leaving one still open to exploit.

• Microsoft admits new ActiveX zero-day bug

  For the second time in a week, Microsoft is warning users that hackers are exploiting an unpatched, critical bug in a company-made ActiveX control, putting people running Internet Explorer (IE) at risk.

• Microsoft confirms another zero-day vulnerability

  Microsoft confirmed another zero-day vulnerability on Monday in a set of software components that ship in a wide variety of the company's products.

• Hackers exploit second DirectShow zero-day using thousands of hijacked sites

  Thousands of legitimate Web sites hacked over the weekend are launching drive-by attacks using an exploit of a second critical unpatched vulnerability in Windows' DirectShow component, a Danish security company said today.

• Google tests ActiveX alternative

  Google has released new software designed to let Web developers write more powerful programs that can work directly with an operating system, rather than having to be run through a browser.

• Microsoft issues mega-patch to crush 20 bugs

  Microsoft on Tuesday patched 20 vulnerabilities, more than half of them rated critical, in 11 separate security updates for Windows, Office, Internet Explorer (IE), Active Directory and the Host Integration Server.

• Novell's iPrint open to attack, say researchers

  Attackers can exploit bugs in Novell's iPrint application to obtain corporate information or hijack computers, security experts said today.