Microsoft Malware Protection Center

Threat Research & Response Blog

September, 2012

  • What you need to know about CVE-2012-4969

    On Monday, we released a Security Advisory on CVE-2012-4969, a vulnerability in Internet Explorer. A Fix it was released on Wednesday, and a cumulative update is also now available as of today, Friday morning. The vulnerability affects Internet Explorer versions 6 through 9. We have identified that this vulnerability is being used to infect computers by installing malware on them. The exploitation method has an intricate way of getting the payload on the affected machine. A diagram of the "infection...
  • Reversal of fortune: Attempts to disguise file names

    Social engineering tactics are vast and varied, and we see all sorts of methods being used on a daily basis by malware authors in their attempts to compromise your machine. One such method that we see often is malware being distributed as an alluring or enticing link or file, and we know that some users (who are perhaps not as cautious as they should be) might click on such links, open such files, or accept file transfers from unknown sources… As has been noted previously, the use of Unicode...
  • Microsoft Security Response Center (MSRC) Progress Report 2012

    Our partners in Microsoft Security Response Center (MSRC) recently published their MSRC Progress Report 2012. It was recently released at Blackhat USA in Las Vegas, Nevada. This year’s MSRC Progress Report provides our customers with the latest information from the Microsoft Security Response Center (MSRC) on the progress of various security initiatives that share information to foster deeper industry collaboration around software security, increase community-based defenses, and better protect...
  • MSRT September '12 - Medfos, hijacking your daily search

    In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we add Win32/Medfos. This is a fairly new family, but it is continuously gaining big detection numbers around the world, especially in the United States. The initial Win32/Medfos infection is usually a downloader component that is distributed in different ways; for example, by visiting a compromised website that redirects to an exploit or by existing malware that downloads it to the already-infected machine. As with a lot...