Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

About Security Research & Defense

The Security Research & Defense blog is intended to provide in-depth information to help keep customers more informed about security efforts at Microsoft. The blog provides information from the Microsoft Security Response Center (MSRC) Engineering team about vulnerabilities in Microsoft products, mitigations and workarounds for vulnerabilities and information on active attacks. Additionally the blog provides information about new security defenses and tools that the Microsoft Security Engineering Center (MSEC) Security Science team is working on.

MSRC Engineering discovers information during technical investigations into software security issues. Examples of the type of blog posts they make include:

  • Workarounds that are not 100% effective in every situation, do not apply to every attack vector or are specific to a particular attack
  • Complicated workarounds that work but cannot be recommended to all customers for various technical reasons
  • Group policy deployment guidance
  • “Best Practices” type guidance that applies to a particular vulnerability
  • Interesting facts about a vulnerability that Microsoft is addressing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations
  • Debugging techniques and information on how to triage security vulnerabilities

As always, Microsoft security bulletins or security advisories are the ultimate authority for security issues, but we’ll include juicy spill-over technical stuff in the SRD blog.

MSEC Security Science develops more effective and scalable ways to find vulnerabilities, researches and applies innovative exploit mitigation techniques to Microsoft products, and focuses on tracking and providing early warning of new exploits. Examples of posts they publish here include:

  • General guidance from the team on more secure settings and specific mitigations
  • Information about new security defenses that are being built into products
  • Applied research that the Science team is working on for future use

We carefully review technical information prior to posting so that the content does not provide an advantage to someone with malicious intent.  Helping to keep our customers more secure and well informed is our number one priority.

Comments are turned off since frankly, we’re concerned that if comments are allowed, we may see some inappropriate ones.  Please do (emphatically) email your questions, feedback, and comments about the blog to us at switech@microsoft.com.  While we can’t promise to address every comment, we will address comments in the blog as appropriate.

For more information please see the following links:

http://blogs.technet.com/msrc/archive/2005/07/15/407755.aspx

http://www.microsoft.com/technet/archive/security/bestprac/secwinin.mspx?mfr=true

About the Security Research & Defense Bloggers:

Group Photo:

Chengyun Chu Bio: Chengyun Chu, security software engineer in MSRC Engineering. His first encounter with malware happened during a course project when his FORTRAN program (edited so painfully using EDLIN in DOS) was wiped out without his approval. Ever since, he swore to defend his machine, and finally located his dream job at Microsoft, on the MSRC Engineering team. He loves hiking, badminton, and PC games like Warcraft/Starcraft. His latest favorite toy is the Wii. Sorry, Xbox 360.

Bruce Dang Bio: During the day, Bruce works in the Microsoft Security Response Center Engineering group and dedicates his time to protecting customers from various types of malicious software on the Internet. Sometimes this involves helping customers write generic signatures to detect exploits at various layers in the stack. At night, he reads non-technical books and sleeps. Once in a while, he analyzes random file format exploits. In his free time, he enjoys reading and learning about computer security, linguistics, philosophy, and history.

Suha Can Bio: Suha joined Microsoft in 2007 and is a security engineer in the MSRC Engineering React team. Previously, he worked in various security-related roles at Internet and technology companies, and hacked wireless routers, web frameworks and cloud infrastructure. He spends his free time reading, figuring out how sophisticated systems work and, overall, applying his knowledge to make the world better.

Vishal Chauhan Bio: Vishal works as a security software engineer on the MSRC Engineering team. He got hooked on computer security in his teens, raising havoc on his friends' machines by exploiting their systems. It grew further during his college days, when the targets were the university's servers, for harmless activities like increasing his Internet usage quota. Since joining Microsoft, the priorities are reversed: he now helps customers secure their systems from mayhem like his. His favorite security activities are helping people understand the basics of secure coding to avoid obvious potholes, and writing fuzzers. In his free time he is a total couch potato who loves to sleep, and an avid video gamer.

Matt Miller Bio: Matt Miller has been an active member of the security research and development community where he focuses primarily on areas relating to exploitation technology and reverse engineering.  Matt joined the Metasploit project in 2004 and contributed to the advancement of the Metasploit framework.  Some of these advancements included the Meterpreter, VNC injection, and his work as a core developer on Metasploit 3.0.  Matt is also an editor and contributor to the Uninformed Journal which is a free, community-driven outlet for new research.  Matt's contributions to the journal have included papers on bypassing PatchGuard and DEP, as well as other techniques that can be used to improve or inhibit exploit reliability.  In addition to his work with Metasploit and Uninformed, Matt also developed a functional implementation of Address Space Layout Randomization (ASLR) for Windows 2000, Windows XP, and Windows Server 2003 prior to the integration of ASLR into Windows Vista.  Matt recently joined the Microsoft Security Engineering Science team where he is currently focused on program security analysis and exploit mitigations.

Jonathan Ness Bio: Jonathan Ness leads the MSRC Engineering team of software security engineers at Microsoft. He joined Microsoft in March 2003 as a member of MSRC Engineering (then the Secure Windows Initiative (SWI) Attack Team). He and his defense team generate mitigations and workarounds for use in the monthly Microsoft security bulletins, write detailed vulnerability documentation for MSRC cases, and act as engineering technical lead for the Microsoft company-wide Software Security Incident Response Process (http://www.microsoft.com/security/msrc/incident_response.mspx#ESB).

Things Jonathan loves about Microsoft:

  • Helping make hundreds of millions of computers more secure every month
  • Working every day with some of the smartest security engineers in the world who all care passionately about protecting customers
  • Finding ways to convey enough details about a vulnerability to help protect customers but not enough for that information to spawn exploits
  • Helping customers find ways to reduce attack surface and protect themselves from attacks

Outside Microsoft work, Jonathan thinks about security pretty much all the time.  One weekend each month and several weeks each year, he participates as a member of a reserve military unit helping to protect DoD networks.  Jonathan has written two books - Gray Hat Hacking (published in 2004) and Gray Hat Hacking, Second Edition (2008).  In his spare time, he enjoys his video editing hobby and mentoring youth at his church.  He lives a bit north of Redmond with his wife Jessica and their cat Chewey.

Son Pho Nguyen Bio: Nguyễn Phố Sơn, computer security researcher, currently working as a Security SDE at Microsoft on the TwC Security MSEC Pentest Team. He primarily focuses on areas relating to software/malware reverse engineering, developing kernel-mode drivers, and bypassing software protection mechanisms. Prior to joining Microsoft, he designed and implemented the scan engine of a commercial anti-malware product from scratch, and also wrote a well-known Windows NT kernel-mode anti-rootkit in 2007. In his spare time, he enjoys watching movies, reading books, traveling with his wife and learning new things.

Neil Sikka Bio: Neil Sikka has had an intense interest in computers since he was a child fixing (and breaking) his parents' computers. He has kept up that interest ever since, throughout his college career as a Computer Engineer, playing with computers at night and on weekends before and after class and work. In his free time, in addition to doing research on security, operating systems and networks, he enjoys writing his personal technical computer security blog (http://neilscomputerblog.blogspot.com) and learning about new exploitation and mitigation techniques. His favorite toy is the x86 architecture.

Axel Souchet Bio: A fresh CS graduate who recently joined Microsoft and the MSRC team as a security software engineer. He basically loves computers, challenges, and low-level subjects: bug hunting, code obfuscation, weird machines, etc. He is also not really good at writing bios, as you can see.

Gavin Thomas Bio: Gavin Thomas (Senior Security Software Engineer) manages the UK MSRC Engineering team. His team is responsible for triaging externally discovered security issues and helping to ensure they are addressed appropriately. Other responsibilities of his team include hunting for variations of security issues and providing technical guidance to customers. Gavin joined the MSRC Engineering team in 2006, where he specializes in protecting Microsoft Office and building state-of-the-art fuzzing capabilities. Localized brownouts occurring when Gavin cranks up his latest fuzzer are purely coincidental. Prior to joining Microsoft, Gavin worked as a Cyber Security Specialist for the UK Government. Gavin and his family currently live in the UK.

Matt Thomlinson Bio: Matt Thomlinson is the Senior Director of Security Engineering in the Trustworthy Computing Group at Microsoft. His teams are responsible for proactively implementing tools and processes to help secure Microsoft products and services, like the Security Development Lifecycle (SDL), as well as reacting to the technical aspects of security response. Matt also leads a security research group that is charged with furthering security science in order to better secure products and develop new vulnerability mitigations for products.

Adam Zabrocki Bio: Computer security researcher, pentester and bug hunter, currently working as a Security SDE at Microsoft. He previously worked at the European Organization for Nuclear Research (CERN), where he was responsible for the design and development of a rootkit detector for the Linux 2.6 kernel (32- and 64-bit). In parallel he was part of the GRID team, testing the DPM, LFC and RFIO software used in the Large Hadron Collider (LHC) project. He has also worked at HISPASEC Sistemas (known for the virustotal.com project), at the Wroclaw Centre for Networking and Supercomputing (part of the PL-GRID project, the Polish Infrastructure for Supporting Computational Science in the European Research Space), and as a Security Consultant at Cigital (working at a large financial institution as part of the Application Security Architecture team). As a hobby he was a developer on The ERESI Reverse Engineering Software Interface project, a bug hunter (he discovered vulnerabilities in OpenSSH, Apache, Adobe Acrobat Reader, Xpdf, the Torque GRID server, FreeBSD and more), and studied exploitation and mitigation techniques, publishing the results of his research in Phrack Magazine.