Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Microsoft Security Blog

  • What will cybersecurity look like in 2025?, Part 2: Microsoft envisions an optimistic future

    The future of cybersecurity will be influenced by more than just technical factors like the spread of malware, or even targeted cyber-attacks.  Global responses to social issues such as population growth, educational investments, or even trade liberalization will also play a significant role. 

    Continuing our series examining what cybersecurity will look like in the year 2025, let’s look at how the technology and social policy decisions addressing important issues, will influence three scenarios we believe could emerge in the next 10 years —Peak, Plateau, and Canyon.  Each of which are demonstrated in our report, Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain.

    According to the report, growth will likely have the biggest impact on cybersecurity.  Growth means more people, more devices, more connectivity, and more data.  India, for example, will experience growth of more than 3,000 percent in its total number of broadband subscriptions, from about 20 million in 2012 to more than 700 million. In contrast, during the same period, the entire European Union (28 countries/regions) will add only 105 million new broadband subscriptions, from nearly 143 million in 2012 to 248 million in 2025. Read more

  • IE increases protections, implements “out-of-date ActiveX control blocking”

    Last week, Internet Explorer announced important changes it will be making to better protect customers from cybercriminal attacks.  Beginning on September 9, Internet Explorer will block out-of-date ActiveX controls, such as older versions of the Oracle Java Runtime Environment (JRE) as part of the August 2014 release of MS14-051 Cumulative Security Update for Internet Explorer (2976627).  ActiveX controls are small programs, sometimes called add-ons that are used by web sites to serve up content, like videos and games, and let you interact with content like toolbars.  While ActiveX controls have become increasingly popular over time, many of these applications are neglected or left unpatched for long periods of time potentially leaving people exposed and vulnerable to attack from cybercriminals.  This is because many ActiveX controls that exist today are not automatically updated.  Read more

  • Part 1: What will cyber security look like in 2025?

    Cybersecurity challenges are emerging not just from the commonly recognized sources – criminals, malware, or even targeted cyber-attacks – they can grow from public policies as well. 

    A research report we released last month, Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain, seeks to look over the horizon and beyond technical trends to anticipate future catalysts for change as well as equip policy makers for tomorrow’s digital landscape. Read more

  • Now Available: Enhanced Mitigation Experience Toolkit (EMET) 5.0

    Today we are pleased to announce  the general availability of our Enhanced Mitigation Experience Toolkit (EMET) 5.0.  It has been almost five years since we released the first version of the tool and so much has changed since then.  Thanks to the overwhelming support, feedback and demand from our community, the tool has evolved quite a bit and now includes a number of new mitigations, expanded compatibility, user friendly UI, additional reporting capabilities, customer support through Microsoft Premier Support Services and more.  Read more

  • #TBT : Be Safer–Run as Standard User

    For #ThrowBackThursday, I thought it would be good to pull out an old but goodie. The original post is from back before the blog evolved into the Microsoft Security Blog and was still called “Jeff Jones Security Blog”. I’m including the full original text below, but this guidance applies today to whatever PC you are running. I hope you enjoy and welcome any comments you might have here or on @MSFTSecurity . Best regards, Jeff Be Safer - Run as Standard User I do my work...
  • New Strategies and Features to Help Organizations Better Protect Against Pass-the-Hash Attacks

    Posted by Matt Thomlinson, Vice President, Microsoft Security

    Today, we released new guidance to help our customers address credential theft, called Mitigating Pass-the-Hash and Other Credential Theft, version 2. The paper encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks. This paper builds on our previously released guidance and mitigations for Pass-the-Hash (PtH) attacks. 

    Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations. Adopting an approach that assumes a breach will occur, ensures that organizations have a holistic plan in place before an attack occurs. A planned approach enables defenders to close the seams that attackers are aiming to exploit.

    The guidance also underscores another important point - that technical features alone may not prevent lateral movement and privilege escalation. In order to substantially reduce credential theft attacks, organizations should consider the attacker mindset and use strategies such as identifying key assets, implementing detection mechanisms, and having a breach recovery plan. These strategies can be implemented in combination with Windows features to provide a more effective defensive approach, and are aligned to the well-known National Institute of Standards and Technology (NIST) Cybersecurity Framework.  Read more

  • The Secret of the SDL

    “We all knew what the problems were, but the real issue was, things were getting worse and worse. How were we going to get ahead of this?  That’s what we really had to go fix.” – Steve Lipner, Partner Director of Program Management at Microsoft.

    When researchers at a small firm called eEye Digital Security noticed a nasty self-replicating code known today as “Code Red,” little did they know that this worm named after a flavor of Mountain Dew, would also kick off the tech industry’s best security model.  Its stories like this one, captured in the new in depth magazine “Life in the Digital Crosshairs; the dawn of the Microsoft Security Development Lifecycle,” that chronicles how the Microsoft Security Development Lifecycle (SDL) has been helping public and private organizations for the past 10 years, change their engineering cultures and develop more secure software.

    “Our Secure Product Lifecycle is analogous to Microsoft’s Security Development Lifecycle,” says Brad Arkin, chief security officer at Adobe.  “We value this process and the information it helps protect.” read more

  • Microsoft Takes Legal Action to fight Malware: Bladabindi and Jenxcus

    Today, Microsoft filed a civil suit against a Dynamic DNS provider in the U.S. (Vitalwerks Internet Solutions, LLC (doing business as and identified two individuals who are believed to have used this DNS provider to spread and control dangerous malware (Bladabindi and Jenxcus) to unsuspecting victims. Bladabindi or Jenxcus was encountered more than 7.4 million times over the past twelve months worldwide.

    The two people identified allegedly used social media to flaunt their creation and the dissemination of two well-known types of malware, known by the Microsoft Malware Protection Center (MMPC) as Jenxcus and BladabindiRead more

  • How Vulnerabilities are Exploited: the Root Causes of Exploited Remote Code Execution CVEs

    It is impossible to completely prevent vulnerabilities from being introduced during the development of large-scale software projects. As long as human beings write software code, mistakes that lead to imperfections in software will be made – no software is perfect. Some imperfections simply prevent the software from functioning exactly as intended, but other bugs may present vulnerabilities.

    Manual code reviews performed by developers and testers, in concert with automated tools such as fuzzers and static analysis tools, are very helpful techniques for identifying vulnerabilities in code. But these techniques cannot find every vulnerability in large scale software projects. As developers build more functionality into their software, their code becomes more and more complex. The challenge of finding vulnerabilities in very complex code is compounded by the fact that there are an infinite number of ways that developers can make coding errors that can create vulnerabilities, some of which are very, very subtle.

    Have you ever wondered what a vulnerability looks like? To illustrate how subtle a security vulnerability can be, the following small code sample contains a vulnerability that is difficult to find using code reviews or tools or both. Read more

  • Microsoft Interflow: a new Security and Threat Information Exchange Platform

    Today, the Microsoft Security Response Center (MSRC) announced the private preview of Microsoft Interflow. This is a security and threat information exchange platform for cybersecurity analysts and researchers.

    Interflow provides an automated machine-readable feed of threat and security information that can be shared across industries and community groups in near real-time. This platform provides this information using open specifications STIX™ (Structured Threat Information eXpression), TAXII™ (Trusted Automated eXchange of Indicator Information), and CybOX™ (Cyber Observable eXpression standards). This enables Interflow to integrate with existing operational and analytical tools that many organizations use through a plug-in architecture. It has the potential to help reduce the cost of defense by automating processes that are currently performed manually. 

    You can get more information on Microsoft Interflow on the MSRC blog, and as well as in this FAQ and at