Microsoft Releases April 2018 Security Updates

Original release date: April 10, 2018

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft's April 2018 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Practical passwordless authentication comes a step closer with WebAuthn

Enlarge (credit: Pablo Viojo / Flickr)

The World Wide Web Consortium (W3C) and FIDO Alliance today announced that a new spec, WebAuthn (“Web Authentication”) had been promoted to the Candidate Recommendation stage, the penultimate stage in the Web standards process.

WebAuthn is a specification to allow browsers to expose hardware authentication devices—USB, Bluetooth, or NFC—to sites on the Web. These hardware devices enable users to prove their identity to sites without requiring usernames and passwords. The spec has been developed as a joint effort between FIDO, an industry body that’s developing secure authentication systems, and W3C, the industry group that oversees development of Web standards.

With WebAuthn-enabled browsers and sites, users can sign in using both integrated biometric hardware (such as the fingerprint and facial-recognition systems that are widely deployed) and external authentication systems such as the popular YubiKey USB hardware. With WebAuthn, no user credentials ever leave the browser and no passwords are used, providing strong protection against phishing, man-in-the-middle attacks, and replay attacks.

Read 3 remaining paragraphs | Comments

Practical passwordless authentication comes a step closer with WebAuthn

Enlarge (credit: Pablo Viojo / Flickr)

The World Wide Web Consortium (W3C) and FIDO Alliance today announced that a new spec, WebAuthn (“Web Authentication”) had been promoted to the Candidate Recommendation stage, the penultimate stage in the Web standards process.

WebAuthn is a specification to allow browsers to expose hardware authentication devices—USB, Bluetooth, or NFC—to sites on the Web. These hardware devices enable users to prove their identity to sites without requiring usernames and passwords. The spec has been developed as a joint effort between FIDO, an industry body that’s developing secure authentication systems, and W3C, the industry group that oversees development of Web standards.

With WebAuthn-enabled browsers and sites, users can sign in using both integrated biometric hardware (such as the fingerprint and facial-recognition systems that are widely deployed) and external authentication systems such as the popular YubiKey USB hardware. With WebAuthn, no user credentials ever leave the browser and no passwords are used, providing strong protection against phishing, man-in-the-middle attacks, and replay attacks.

Read 3 remaining paragraphs | Comments

Practical passwordless authentication comes a step closer with WebAuthn

Enlarge (credit: Pablo Viojo / Flickr)

The World Wide Web Consortium (W3C) and FIDO Alliance today announced that a new spec, WebAuthn ("Web Authentication") had been promoted to the Candidate Recommendation stage, the penultimate stage in the Web standards process.

WebAuthn is a specification to allow browsers to expose hardware authentication devices—USB, Bluetooth, or NFC—to sites on the Web. These hardware devices enable users to prove their identity to sites without requiring usernames and passwords. The spec has been developed as a joint effort between FIDO, an industry body that's developing secure authentication systems, and W3C, the industry group that oversees development of Web standards.

With WebAuthn-enabled browsers and sites, users can sign in using both integrated biometric hardware (such as the fingerprint and facial-recognition systems that are widely deployed) and external authentication systems such as the popular YubiKey USB hardware. With WebAuthn, no user credentials ever leave the browser and no passwords are used, providing strong protection against phishing, man-in-the-middle attacks, and replay attacks.

Read 3 remaining paragraphs | Comments