Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Attack Surface Reduction
Internet Explorer (IE)
safe for initialization
safe for scripting
Windows Media components
Browse by Tags
Security Research & Defense
Reports of DEP being bypassed
Yesterday we heard reports of a commercially available exploit that bypasses DEP. This exploit was made available to a limited number of major security vendors (Antivirus, IDS, and IPS vendors) and government CERT agencies. We wanted to use this opportunity to give an overview of current customer risk...
20 Jan 2010
Preventing the exploitation of user mode heap corruption vulnerabilities
Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities in software. In addition to the mitigations that we...
4 Aug 2009
New Internet Explorer vulnerability affecting all versions of IE
Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...
23 Dec 2010
Understanding DEP as a mitigation technology part 1
We have mentioned DEP in several recent blog posts ( 1 , 2 , 3 , and 4 ). This blog post will answer: What is DEP? How can you enable DEP? What are the risks in enabling different modes of DEP? This is the first of a two-part blog series on DEP as a mitigation technology. What is DEP...
12 Jun 2009
Assessing risk of IE 0day vulnerability
Yesterday, the MSRC released Microsoft Security Advisory 979352 alerting customers to limited, sophisticated attacks targeting Internet Explorer 6 customers. Today, samples of that exploit were made publicly available. Before we get into the details I want to make one thing perfectly clear. The attacks...
16 Jan 2010
DEP, EMET protect against attacks on the latest Internet Explorer vulnerability
Today we released Security Advisory 2458511 notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions...
3 Nov 2010
Understanding DEP as a mitigation technology part 2
In our previous blog post , we explained how DEP works and how to determine if / how a process opted-in to DEP. Now we will demonstrate how DEP can be used to mitigate the risk of a real-world attack. We published a security advisory in February describing an Excel vulnerability in fully-patched Excel...
12 Jun 2009
Assessing the risk of the September Critical security bulletins
This morning we released five security bulletins , all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words about each bulletin to help you prioritize your...
8 Sep 2009
On the effectiveness of DEP and ASLR
DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there...
8 Dec 2010
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). As we’ve described in the past , these mitigations...
12 Aug 2013
MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability
IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of...
9 Jun 2009
© 2015 Microsoft Corporation.
Privacy & Cookies