Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS14-025: An Update for Group Policy Preferences

    Today, we released an update to address a vulnerability in Group Policy Preferences ( MS14-025 ). Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...
  • Blog Post: MS09-010: Reducing the text converter attack surface

    MS09-010 addresses vulnerabilities in Word converters used by WordPad and by Office to load files saved in old file formats. Some of you probably saw this bulletin and thought “I never open documents from versions of Word prior to Word XP,” and you may be interested in reducing your attack surface. In...
  • Blog Post: MS11-056: Vulnerabilities in the Client/Server Runtime Subsystem and Console Host

    Today we released security update MS11-056 to address vulnerabilities in the Windows Client/Server Runtime Subsystem (CSRSS) and Console Host (conhost.exe). We also closed an internally found elevation of privilege attack vector on Windows 7 and Windows Server 2008 R2, significantly reducing the opportunity...
  • Blog Post: MS09-017: An out-of-the-ordinary PowerPoint security update

    Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in-the-wild abusing this vulnerability. We also published an SRD blog entry...
  • Blog Post: New vulnerability in quartz.dll Quicktime parsing

    Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which...
  • Blog Post: MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

    IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of...
  • Blog Post: MS11-053: Vulnerability in the Bluetooth stack could allow remote code execution

    The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors. I’d like to use this blog post to outline those risk factors. How can I protect...
  • Blog Post: More information on MS11-087

    Today, we released MS11-087 addressing an issue in the font parsing subsystem of win32k.sys, CVE-2011-3402. The bulletin received a Critical rating due to a potential browser-based attack vector. We have not seen the browser-based attack vector exploited in the wild. The bulletin includes a workaround...
  • Blog Post: MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface

    There are several interesting “stories” to tell about security update MS12-034 : Addressing the Duqu vulnerability again? Why so many affected products? Keyboard layout behavior introduced with Windows Vista conditionally applied down-level Addressing the Duqu vulnerability...
  • Blog Post: MS11-050: IE9 is better

    Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes...
  • Blog Post: More information about the MHTML Script Injection vulnerability

    Today we released Security Advisory 2501696 to alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the targeted document and reflected script...
  • Blog Post: More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090)

    This month we released MS11-090 to address a vulnerability in the Microsoft Time component (CVE-2011-3397), which features the deprecated time behavior that is still supported in IE6. We would like to provide further information about this issue and help explain why a “binary behavior kill bit”...