Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Attack Surface Reduction
Enhanced Mitigation Experience Toolkit
Internet Explorer (IE)
safe for initialization
safe for scripting
Windows Media components
Browse by Tags
Security Research & Defense
attack surface reduction
MS14-025: An Update for Group Policy Preferences
SRD Blog Author
Today, we released an update to address a vulnerability in Group Policy Preferences ( MS14-025 ). Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...
13 May 2014
MS09-010: Reducing the text converter attack surface
MS09-010 addresses vulnerabilities in Word converters used by WordPad and by Office to load files saved in old file formats. Some of you probably saw this bulletin and thought “I never open documents from versions of Word prior to Word XP,” and you may be interested in reducing your attack surface. In...
14 Apr 2009
MS11-056: Vulnerabilities in the Client/Server Runtime Subsystem and Console Host
Today we released security update MS11-056 to address vulnerabilities in the Windows Client/Server Runtime Subsystem (CSRSS) and Console Host (conhost.exe). We also closed an internally found elevation of privilege attack vector on Windows 7 and Windows Server 2008 R2, significantly reducing the opportunity...
12 Jul 2011
MS09-017: An out-of-the-ordinary PowerPoint security update
Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in-the-wild abusing this vulnerability. We also published an SRD blog entry...
12 May 2009
New vulnerability in quartz.dll Quicktime parsing
Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which...
28 May 2009
MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability
IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of...
9 Jun 2009
MS11-053: Vulnerability in the Bluetooth stack could allow remote code execution
The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors. I’d like to use this blog post to outline those risk factors. How can I protect...
12 Jul 2011
More information on MS11-087
Today, we released MS11-087 addressing an issue in the font parsing subsystem of win32k.sys, CVE-2011-3402. The bulletin received a Critical rating due to a potential browser-based attack vector. We have not seen the browser-based attack vector exploited in the wild. The bulletin includes a workaround...
13 Dec 2011
MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface
There are several interesting “stories” to tell about security update MS12-034 : Addressing the Duqu vulnerability again? Why so many affected products? Keyboard layout behavior introduced with Windows Vista conditionally applied down-level Addressing the Duqu vulnerability...
8 May 2012
MS11-050: IE9 is better
Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes...
14 Jun 2011
More information about the MHTML Script Injection vulnerability
Today we released Security Advisory 2501696 to alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the targeted document and reflected script...
28 Jan 2011
More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090)
This month we released MS11-090 to address a vulnerability in the Microsoft Time component (CVE-2011-3397), which features the deprecated time behavior that is still supported in IE6. We would like to provide further information about this issue and help explain why a “binary behavior kill bit”...
13 Dec 2011
© 2014 Microsoft Corporation.
Privacy & Cookies