Today’s topics include Microsoft deflecting cyber-attacks with its Azure Web Application Firewall, Microsoft offering early access to the Windows 10 Creators Update, VMware’s latest security vulnerability patches and the return of cyber-threats from the 1990s such as macro malware.
Microsoft has launched its Azure Web Application Firewall, making it more difficult for cyber-attackers to attack applications hosted on the company’s Azure cloud computing platform.
With the Web Application Firewall, which is available in all public Azure data center regions, customers can now fortify their applications, making them less susceptible to cross-site scripting attacks, SQL injection and other methods of exploiting or disrupting web applications. The firewall provides protection for up to 20 websites per gateway.
Microsoft will begin a phased rollout of its Windows 10 Creators Update on April 11. However, experienced users can get access to the software before then, as a manual update will be available starting April 5, according to John Cable, director of Program Management at Microsoft Windows Servicing and Delivery.
“This option is intended for advanced users on devices running a licensed version of Windows 10,” Cable said. Updates include a unified security settings hub, a Paint 3D app and support for a new breed of affordable mixed reality headsets.
VMware has released an update fixing four security vulnerabilities that could enable an attacker to escape the isolation of a virtual machine and attack a host operating system.
These weaknesses were first demonstrated on March 17 at the Pwn2Own hacking competition. The event awards security researchers for demonstrating zero-day vulnerabilities in software.
VMware is not the only vendor that has already publicly patched flaws that were first demonstrated at the Pwn2Own event. Linux kernel developers have also patched a flaw, as has Mozilla with a patch for an exploit to its Firefox web browser.
Macro malware, which uses the scripting language in Microsoft Office to infect and attack applications, may be so 1990s, but unfortunately it’s still hanging around.
Even though macro malware and worms may be a couple decades old, they remain significant security threats and even top some security threat lists.
Today, attackers are increasingly turning to new techniques, such as ransomware and denial-of-service attacks; however, older types of malware have persisted and are even making a comeback, according to two reports released by network-security firms.
One reason for the comeback? Defenders are often lax about looking for older threats, Corey Nachreiner, chief technology officer at WatchGuard, told eWEEK.