Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS11-018 addresses the IE8 pwn2own vulnerability

    Today Microsoft released MS11-018 addressing one of the three vulnerabilities that were used to win the Pwn2Own contest last month at CanSecWest 2011. It took three vulnerabilities to successfully compromise IE8 and meet all the requirements of the organizers. The vulnerability we are fixing today...
  • Blog Post: The History of the !exploitable Crash Analyzer

    At the CanSecWest conference earlier this month we made our first public release of the !exploitable Crash Analyzer . While an upcoming white paper and the CanSecWest slide deck go into detail on the technology involved, we thought it might be useful to explore the history of the tool. Roots in Fuzzing...
  • Blog Post: Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

    Last summer at BlackHat Vegas, Alexander Sotirov and Mark Dowd outlined several clever ways to bypass the Windows Vista defense-in-depth protection combination of DEP and ASLR in attacks targeting Internet Explorer. One approach they presented allowed attackers to use .NET framework DLL’s to allocate...
  • Blog Post: MS13-037 addressing Pwn2own vulnerabilities

    MS13-037 addresses a number of vulnerabilities in Internet Explorer, several of which were reported to us by the TippingPoint Zero Day Initiative (ZDI) program. We’ve gotten questions from customers about the specific vulnerabilities purchased by ZDI from the CanSecWest pwn2own contest. We’d...
  • Blog Post: MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

    IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of...
  • Blog Post: Enhanced GS in Visual Studio 2010

    In a previous post we noted some stack-based vulnerabilities, such as MS08-067, that GS was not designed to mitigate due to the degree of control available to an attacker. However, other vulnerabilities such as the ANI parsing vulnerability in MS07-017 would have been mitigated if the GS cookie protection...
  • Blog Post: CanSecWest Preview & New Blog URL

    It’s getting busy around here with people preparing for the CanSecWest security conference ( http://cansecwest.com/ ). Many of the Microsoft Security Engineering Center (MSEC) and Microsoft Security Response Center (MSRC) members that regularly post to this blog will be attending CanSecWest and soaking...