A tale of mainframes and students being too clever by far

AWS adds database on-ramp to its Arm-powered instances

Amazon gets green-light to blow $10bn on 3,000+ internet satellites. All so Americans can shop more on Amazon

How to democratise IT: Tech big four hoover 63% of global cloudy infrastructure spending

Brit local authority appoints a systems integrator in leap to Oracle cloud, but support time-bomb is already ticking

Linus Torvalds pines for header file fix but releases Linux 5.8 anyway

Microsoft confirms pursuit of TikTok after Satya Nadella chats to Donald Trump

IT giant CSC coughs up $2m after helping New York City bill Medicaid for child therapy rather than insurance cos

Oh cool, more Cisco patches to apply. Happy Monday

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines

Are your homegrown business apps as secure, fast and usable as they could be?

New Relic streamlines app monitoring tools, shifts to per-user, pay-as-you-go pricing, adds free tier to lure you in

Feeling unInspired? We can't help much with that, but there is a new .NET 5 preview and an Azure DevOps roadmap

Rancher rides off into the SUSE-set after acquisition by Linux outfit

In the halcyon days before Brexit, takeover attempts, and COVID-19, HP made 1.3% pre-tax profit on sales at UK limb

Struggling company pleads with landlords to slash rents as COVID-19 batters UK high street. The firm's name? Apple

Architect of tech contractor tax fraud scheme jailed for at least five years

Australia to force Google and Facebook to pay for news and reveal algorithm changes before they whack web traffic

Dynabook Portégé X30L-G: So light, you might even forget about its terrible keyboard

Co-inventor of the computer mouse, William English, dies

World takes tablets during COVID lockdowns, with shipments spiking 18%

All the way to Reno: Oppo's latest mid-ranger going global but lacks 5G compared to similarly specced models

Geek's Guide

Virgin Galactic pals up with Rolls-Royce to work on Mach 3 Concorde-style private jet that can carry up to 19 people

Voyager 1 cracks yet another barrier: Now 150 Astronomical Units from Sol

And it's off! NASA launches nuke-powered, laser-shooting, tank Perseverance to Mars to search for signs of life

Boeing confirms it will finish building 747s in 2022, when last freighter flies off the production line

Microsoft to Cortana: you’re not going out dressed in iOS or Android, young lady!

US drugstore chain installed anti-shoplifter facial-recognition cameras in 200 locations – for eight years

Lizards for lunch? Crazy tech? Aliens?! Dana Dash: First Girl on the Moon is perfect for the little boffin-to-be in your life

So many stars, so little time: Machine learning helps astroboffins spot the most oxygen-starved galaxy yet

Verity Stob

The Last of Us Part II: Never mind the Metacritic nonsense, Naughty Dog's ultra-violent odyssey is a must-play*

An irritating itch down the back of your neck? Searing midsummer heat? Of course, it can only be SysAdmin Day

Elite name on Brit scene sponsors retro video games preservation project at the Centre for Computing History

Dutch Gateway store was kept udder wraps for centuries until refit dug up computing history

Security

Chinese web giant finds Windows zero-day, stays schtum on specifics

Quihoo 360 plays the responsible disclosure game

Mon 23 Apr 2018 // 01:36 UTC 29

Got Tips?

Richard Chirgwin Bio Email Twitter

Chinese company Quihoo 360 says it's found a Windows zero-day in the wild, but because it's notified Microsoft, it's not telling anyone else how it works.

In this Weibo post (unless you speak Mandarin you'll need a translation tool), the company announced an “APT attack” on the unspecified zero-day “on a global scale”.

Windows 10 Spring Creators Update team explains the hold-up: You little BSOD!

It called the vulnerability a “double kill” bug, said it exploits “the latest version of Internet Explorer and applications that use the IE kernel”, and added that it's being spread in Microsoft Office documents that include a malicious Web page.

If a victim opens the document, the post claims, the malicious code will run in the background to execute the unspecified attack program.

Its only illustration of the attack is in the Chinese-language-annotated image below.

Quihoo360's enigmatc disclosure

Microsoft would far prefer that users stopped using Internet Explorer and adopted its Edge browser instead. Some users are proving stubborn, though: according to Net Market Share, IE still has a rusted-on 12 per cent of the browser market.

That's why last week's Patch Tuesday plugged a serious, if legacy, IE vulnerability: CVE-2014-0322, a remote code execution bug. ®

Tips and corrections

29 Comments

Keep Reading

Microsoft staff giggle beneath the weight of a 52,000-person Reply-All email storm

Team Redmond stokes the flames as an exercise in black humor

Is it Patch Blues-day for Outlook? Microsoft's email client breaks worldwide, leaves everyone stumped

Updated Admins sent scrambling after software mysteriously starts crashing

Outlook more like 'look out!' as Microsoft email decides everything is spam today

Updated Cortana, set a reminder for when their services work. Cortana? CORTANAAA!

Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service

Basic authentication will be OFF for Exchange Online email and other services from October 2020

Something something DANE cook: Microsoft pledges to wrap its email systems in secure anti-snooping protocol

Office 365 will finally get DNSSEC-based protection later this year

Email seems lost in the post? You might be a Tsohost customer

Print it out, pop a stamp on it, stick it in a pillar box. Might have been quicker

Microsoft blocked TSO Host's email IPs from Hotmail, Outlook inboxes and no one seems to care

Apart from the poor sods paying for the service, that is

Namesco email 'scripting error' has last bastion of Demon Internet holdouts scratching their heads

Let's play 'That's Not My Subdomain'

ABOUT US

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR NEWSLETTERS

Join our daily or weekly newsletters, subscribe to a specific section or set News alerts

Subscribe

Do not sell my personal information Cookies Privacy Ts&Cs

A tale of mainframes and students being too clever by far

AWS adds database on-ramp to its Arm-powered instances

Amazon gets green-light to blow $10bn on 3,000+ internet satellites. All so Americans can shop more on Amazon

How to democratise IT: Tech big four hoover 63% of global cloudy infrastructure spending

Brit local authority appoints a systems integrator in leap to Oracle cloud, but support time-bomb is already ticking

Linus Torvalds pines for header file fix but releases Linux 5.8 anyway

Microsoft confirms pursuit of TikTok after Satya Nadella chats to Donald Trump

IT giant CSC coughs up $2m after helping New York City bill Medicaid for child therapy rather than insurance cos

Oh cool, more Cisco patches to apply. Happy Monday

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines

Are your homegrown business apps as secure, fast and usable as they could be?

New Relic streamlines app monitoring tools, shifts to per-user, pay-as-you-go pricing, adds free tier to lure you in

Feeling unInspired? We can't help much with that, but there is a new .NET 5 preview and an Azure DevOps roadmap

Rancher rides off into the SUSE-set after acquisition by Linux outfit

In the halcyon days before Brexit, takeover attempts, and COVID-19, HP made 1.3% pre-tax profit on sales at UK limb

Struggling company pleads with landlords to slash rents as COVID-19 batters UK high street. The firm's name? Apple

Architect of tech contractor tax fraud scheme jailed for at least five years

Australia to force Google and Facebook to pay for news and reveal algorithm changes before they whack web traffic

Dynabook Portégé X30L-G: So light, you might even forget about its terrible keyboard

Co-inventor of the computer mouse, William English, dies

World takes tablets during COVID lockdowns, with shipments spiking 18%

All the way to Reno: Oppo's latest mid-ranger going global but lacks 5G compared to similarly specced models

Virgin Galactic pals up with Rolls-Royce to work on Mach 3 Concorde-style private jet that can carry up to 19 people

Voyager 1 cracks yet another barrier: Now 150 Astronomical Units from Sol

And it's off! NASA launches nuke-powered, laser-shooting, tank Perseverance to Mars to search for signs of life

Boeing confirms it will finish building 747s in 2022, when last freighter flies off the production line

Microsoft to Cortana: you’re not going out dressed in iOS or Android, young lady!

US drugstore chain installed anti-shoplifter facial-recognition cameras in 200 locations – for eight years

Lizards for lunch? Crazy tech? Aliens?! Dana Dash: First Girl on the Moon is perfect for the little boffin-to-be in your life

So many stars, so little time: Machine learning helps astroboffins spot the most oxygen-starved galaxy yet

The Last of Us Part II: Never mind the Metacritic nonsense, Naughty Dog's ultra-violent odyssey is a must-play*

An irritating itch down the back of your neck? Searing midsummer heat? Of course, it can only be SysAdmin Day

Elite name on Brit scene sponsors retro video games preservation project at the Centre for Computing History

Dutch Gateway store was kept udder wraps for centuries until refit dug up computing history

Security

Chinese web giant finds Windows zero-day, stays schtum on specifics

Quihoo 360 plays the responsible disclosure game

Windows 10 Spring Creators Update team explains the hold-up: You little BSOD!

Most Read

Linus Torvalds pines for header file fix but releases Linux 5.8 anyway

US drugstore chain installed anti-shoplifter facial-recognition cameras in 200 locations – for eight years

So many stars, so little time: Machine learning helps astroboffins spot the most oxygen-starved galaxy yet

Microsoft confirms pursuit of TikTok after Satya Nadella chats to Donald Trump

A tale of mainframes and students being too clever by far

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Keep Reading

Microsoft staff giggle beneath the weight of a 52,000-person Reply-All email storm

Is it Patch Blues-day for Outlook? Microsoft's email client breaks worldwide, leaves everyone stumped

Outlook more like 'look out!' as Microsoft email decides everything is spam today

Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service

Something something DANE cook: Microsoft pledges to wrap its email systems in secure anti-snooping protocol

Email seems lost in the post? You might be a Tsohost customer

Microsoft blocked TSO Host's email IPs from Hotmail, Outlook inboxes and no one seems to care

Namesco email 'scripting error' has last bastion of Demon Internet holdouts scratching their heads

Tech Resources

A Step-by-Step Guide to Shifting Left and Embracing a True DevSecOps Mentality

Simplifying Hybrid Cloud Flash Storage

Navigating the New Era of Cloud Computing

Speed NAS & Cloud Data Migrations: Elastic Data Migration

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

SIGN UP TO OUR NEWSLETTERS