Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Assessing risk for the April 2014 security updates

    Today we released four security bulletins addressing 11 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
  • Blog Post: Assessing risk for the March 2014 security updates

    Today we released five security bulletins addressing 23 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
  • Blog Post: Assessing risk for the February 2014 security updates

    Today we released seven security bulletins addressing 31 unique CVE’s. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
  • Blog Post: An update on the DLL-preloading remote attack vector

    Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by...
  • Blog Post: Assessing risk for the January 2012 security updates

    Today we released seven security bulletins. One has a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...
  • Blog Post: MS12-054: Not all remote, pre-auth vulnerabilities are equally appetizing for worms..

    We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The most severe of these issues, CVE-2012-1851, is a format string vulnerability in the printer spooler...
  • Blog Post: MS10-020: SMB Client Update

    Today Microsoft released MS10-020 , which addresses several vulnerabilities in the Windows SMB client. This blog post provides additional details to help prioritize installation of the update, and understand the attack vectors and mitigations that apply. Client-side vulnerabilities The first thing...
  • Blog Post: Assessing the risk of the December security bulletins

    This morning we released six security bulletins, three Critical and three Important, addressing 12 CVE’s. Please apply the Internet Explorer update right away as it poses the most risk of all the bulletins due to severity and exploitability. The Internet Explorer update addresses the vulnerability described...
  • Blog Post: MS08-001 - The case of the missing Windows Server 2003 attack vector

    Part 3 of our MS08-001 blog post series mentioned that Windows Server 2003 does not expose an attack vector to the vulnerable IGMP code execution vulnerability by default. Windows XP and Vista enable UPnP (Universal Plug-and-Play) which exposes an attack vector to the vulnerable code but Windows Server...
  • Blog Post: MS10-061: Printer Spooler Vulnerability

    This morning we released security bulletin MS10-061 to address an issue in the Windows print spooler. In this blog post, we’d like to provide additional detail about the specific configurations of Windows that are vulnerable to this issue and more background on its connection to the Stuxnet malware...
  • Blog Post: Assessing the risk of the April Security Bulletins

    Today we released eleven security bulletins with security updates addressing 25 CVE’s. Five of the bulletins have at least one CVE rated Critical. We hope that the table below helps you prioritize this month’s deployment. Bulletin Most likely attack vector Max Bulletin Severity Max...
  • Blog Post: Assessing the risk of the September Critical security bulletins

    This morning we released five security bulletins , all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words about each bulletin to help you prioritize your...
  • Blog Post: Assessing risk for the December 2012 security updates

    Today we released seven security bulletins addressing 12 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment...
  • Blog Post: MS09-061: More information about the .NET security bulletin

    MS09-061 fixes vulnerabilities in the .NET Framework which could allow malicious .NET applications execute arbitrary native code, resulting in remote code execution. This post is intended to help clarify the attack vectors for these vulnerabilities, and to cover recommended workarounds. Important...
  • Blog Post: Assessing risk for the February 2012 security updates

    Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...
  • Blog Post: MS11-053: Vulnerability in the Bluetooth stack could allow remote code execution

    The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors. I’d like to use this blog post to outline those risk factors. How can I protect...
  • Blog Post: Service isolation explanation

    The past few days, we have had service isolation on our minds here in Redmond after the POC code posting last week from Cesar Cerrudo. Nazim Lala from the IIS team posted a great blog entry about the fix and why it is taking so long to release it. I expect it to be close to the amount of code churn as...
  • Blog Post: MS13-027: Addressing an issue in the USB driver requiring physical access

    Today we are addressing a vulnerability in the way that the Windows USB drivers handle USB descriptors when enumerating devices. ( KB 2807986 ). This update represents an expansion of our risk assessment methodology to recognize vulnerabilities that may require physical access, but do not require a valid...
  • Blog Post: Assessing risk for the June 2013 security updates

    Today we released five security bulletins addressing 23 CVE’s. One bulletin has a maximum severity rating of Critical, and four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. ...
  • Blog Post: MS09-054: Extra info on the attack surface for the IE security bulletin

    MS09-054 addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. First we’d like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless...
  • Blog Post: Assessing the risk of the February security updates

    Today we released twelve security bulletins. Three have a maximum severity rating of Critical and nine have a maximum severity rating of Important. This release addresses three publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately...
  • Blog Post: MS12-014: Indeo, a blast from the past

    Today, we shipped security update MS12-014 to address an issue in the Indeo codec. With this blog post, we hope to preemptively answer some common questions that are likely to surface as researchers analyze this security update. Indeo: Blast from the Past Indeo is a video codec that was first developed...
  • Blog Post: Assessing risk for the January 2013 security updates

    Today we released seven security bulletins addressing 12 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment...
  • Blog Post: Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates

    Last week, we released Security Advisory 2607712 , notifying customers that fraudulent digital certificates had been issued by certificate authority DigiNotar. We’d like to follow up on that notification in this blog post by explaining more about the potential risks and actions you can take to...
  • Blog Post: Assessing the risk of the October security bulletins

    This morning we released 13 security bulletins, our largest release of 2009. Altogether, these bulletins address 34 separate CVEs. We’d like to use this blog post to help you prioritize your deployment of the updates. Prioritization Criteria We’ve provided a prioritized list of bulletins in the...