Krebs on Security: Adobe, Microsoft Patch Critical Cracks

Krebs on Security: Adobe, Microsoft Patch Critical Cracks. “It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.”

The Hacker News: Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit

The Hacker News: Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit. “Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device without requiring Macros enabled or memory corruption.”

ComputerWorld: MS fixes ‘external database’ bug with patches that have even more bugs

ComputerWorld: MS fixes ‘external database’ bug with patches that have even more bugs . “Yesterday, in an odd Patch Thursday, Microsoft released five patches for the ‘Unexpected error from external database driver’ bug. But the cure’s worse than the disease. If you installed one, yank it now — and expect Microsoft to pull the patches soon.”

eWeek: Microsoft Uses AI to Tighten Word’s Translation Tool in Office Update

eWeek: Microsoft Uses AI to Tighten Word’s Translation Tool in Office Update. “Thanks to Microsoft’s accelerated software release cadence, Word now features an improved built-in translation tool that can help users make sense out of documents from their overseas colleagues.”

Morung Express: Microsoft joins IIT Kharagpur to create ‘deeper’ search engine

Morung Express: Microsoft joins IIT Kharagpur to create ‘deeper’ search engine. “In a bid to take on Google Search, Microsoft said on Monday it is working with professors from the Indian Institute of Technology (IIT)-Kharagpur towards developing a system that can form the basis for a deeper, more meaningful search engine. The new search engine could assist users looking for subjective information and trusted opinions, the company said in a statement.”

ZDNet: Microsoft’s new open source tool can scan your website for security and performance headaches

ZDNet: Microsoft’s new open source tool can scan your website for security and performance headaches. “Microsoft’s Edge browser team has released an open source ‘linting’ tool and a site scanner to help web developers secure their sites and keep up with evolving web standards. According to Microsoft, Sonar improves on available static site scanners by executing website code, while integrating with other scanning services such as Qualys’ SSL certificate configuration testing service SSL Server Test, aXe for testing a site’s accessibility support, the Google-founded AMP Project, and snyk.io, which is Sonar’s scanner for vulnerable JavaScript libraries.”

PC Magazine: Microsoft Chastises Google Over Chrome Security

PC Magazine: Microsoft Chastises Google Over Chrome Security. “Microsoft this week threw a subtle jab at Google by revealing a security hole in Chrome. In a Wednesday blog post, Redmond examined Google’s browser security, and took the opportunity to throw some shade at Chrome’s security philosophy, while also touting the benefits of its own Edge browser.”