Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer
In early January you may have read posts on security distribution lists regarding two ActiveX Controls released by Microsoft. We have investigated those controls and fortunately, they are not exploitable since IE does not treat them as being safe. We wanted to give you some background on how to evaluate...
4 Feb 2008
Behavior of ActiveX controls embedded in Office documents
The Microsoft Office applications (Word, Excel, PowerPoint, etc) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control...
3 Mar 2009
The MSHTML Host Security FAQ: Part I of II
MSHTML, a.k.a. Trident, is the Internet Explorer browser rendering engine. MSHTML is a great solution for rendering HTML content, either in the context of a web browser, or simply to display rich UI in an application. You are likely not even aware of some of the many ways MSHTML is hosted within Windows...
3 Apr 2009
The Kill-Bit FAQ: Part 1 of 3
It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the first part of a three-part FAQ we have developed to answer some questions around the Kill-Bit and related functionality. The Kill-Bit FAQ – Part 1 of 3 What...
6 Feb 2008
MS09-037: Why we are using CVE's already used in MS09-035
MS09-035 was released July 28 to address vulnerabilities in the Visual Studio Active Template Library (ATL). A related security update, MS09-034, included a defense-in-depth Internet Explorer mitigation to help protect against attacks in vulnerable components. This morning, we released security bulletin...
11 Aug 2009
The Kill-Bit FAQ: Part 2 of 3
It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the second part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 2 of 3 How do ActiveX Controls, OLE Controls, and COM Objects relate...
7 Feb 2008
MS08-041: The Microsoft Access Snapshot Viewer ActiveX control
MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first...
12 Aug 2008
Why there won't be a security update for WkImgSrv.dll
Recently, there was a public post on milw0rm (http://www.milw0rm.com/exploits/5530) talking about an issue in the ActiveX control of Microsoft Works 7, WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog also had a post about this (http://www.avertlabs...
5 Jun 2008
The Kill-Bit FAQ: Part 3 of 3
It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the final part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 3 of 3 Are there issues that could complicate the implementation of a Kill-Bit based fix...
8 Feb 2008
MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents
Security Update MS12-027 addresses a code execution vulnerability in MSCOMCTL.OCX, the Windows Common Controls ActiveX control. By default, this component is included with all 32-bit versions of Microsoft Office. We’d like to cover the following topics in this blog post: Limited, targeted...
10 Apr 2012
More information about the Office Web Components ActiveX vulnerability
We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC10 and OWC11). Microsoft has released an advisory with further information available here. What’s the attacking vector? This vulnerability could be used for...
13 Jul 2009
MS08-023: Same bug, four different security bulletin ratings
Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit works, see the excellent three-part series...
9 Apr 2008
New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll
We are aware of active attacks exploiting a remote code execution vulnerability in Microsoft’s MPEG2TuneRequest ActiveX Control Object. We have released advisory 972890 providing guidance to help our customers stay protected. In this blog post, we’d like to go into more detail to help you understand...
6 Jul 2009
MS08-050: Locking an ActiveX control to specific applications
MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to take. During the extensive testing that each security...
12 Aug 2008
© 2014 Microsoft Corporation.