Matthew Green

January 14, 2020

Patch Tuesday, January 2020 Edition

This post was originally published on this siteMicrosoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates. As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug (CVE-2020-0601) in Windows 10 and Windows Server 2016/19 reported […]
October 31, 2021

‘Trojan Source’ Bug Threatens the Security of All Code

This post was originally published on this siteVirtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard Unicode, which […]