TechCrunch: Microsoft launches Windows Bounty program, offering awards up to $250,000. “Microsoft has been running a bounty program for a few years now, launching it just ahead of the release of Windows 8.1 back in mid-2013. At the time, the company was awarding up to $50,000 for exploits, in an attempt to help address any potential security issues before they could become a larger public concern. It’s a tact taken by a number of tech’s biggest names, like Google, Facebook and, more recently, Apple. The software giant’s expanding things a bit today, with the simply named ‘Windows Bounty Program.’” I think they mean “tack” as in sailing, and not “tact”, but I’m not sure. Maybe “tactic”?
BetaNews: It’s the end of the line for Windows Paint as Microsoft finally kills off its simple art tool. “Among the list of features set to be removed or deprecated in Windows 10 Fall Creators Update is Microsoft Paint, a fixture of Windows since the operating system’s first release back in 1985. Microsoft doesn’t give any explanation as to why it’s being removed. Indeed, in the list of features being dropped it simply says ‘Microsoft Paint.’ Everything else in the list, including Outlook Express, has at least a one-line explanation. What a sad, inglorious ending.” Someone in the comments is pointing out that the program is being deprecated, not completely removed.
Krebs on Security: Adobe, Microsoft Push Critical Security Fixes. “It’s Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe’s got a new version of its Flash Player available that addresses at least three vulnerabilities.”
ZDNet: Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it. “The software giant announced the version of Windows earlier this year as the flagship student-focused operating system to ship with its newest Surface Laptop. Microsoft touted the operating system as being less susceptible to ransomware because of its locked-down configuration — to the point where you can’t run any apps outside the protective walled garden of its app store. In order to get an app approved, it has to go through rigorous testing to ensure its integrity. That’s one of several mitigations that helps to protect the operating system to known file-encrypting malware. We wanted to see if such a bold claim could hold up.”
The Verge: Microsoft releases new Windows XP security patches, warns of state-sponsored cyberattacks. “Microsoft issued a ‘highly unusual’ patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the malware which encrypts a computer and demands a $300 ransom before unlocking it. Microsoft stopped supporting Windows XP in April 2014, but the software giant is now taking the unprecedented move of including it in the company’s Patch Tuesday round of security updates today.”
eWeek: Fireball Hijack Infects 250 Million Browsers, Check Point Discovers. “Security analysts at Check Point have discovered a browser hijacking operation called ‘Fireball’ that has already claimed 250 million victims globally. Fireball starts off as a browser hijack with the ability to manipulate page views and redirect users, but can also be used as a malware downloader, according to Check Point.”
ThreatPost: Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw. “Microsoft quietly patched a critical vulnerability Wednesday in its Malware Protection Engine. The vulnerability was found May 12 by Google’s Project Zero team, which said an attacker could have crafted an executable that when processed by the Malware Protection Engine’s emulator could enable remote code execution.”