Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Attack Surface Reduction
Internet Explorer (IE)
safe for initialization
safe for scripting
Windows Media components
Browse by Tags
Security Research & Defense
EMET 5.1 is available
Today, we’re releasing the Enhanced Mitigation Experience Toolkit (EMET) 5.1 which will continue to improve your security posture by providing increased application compatibility and hardened mitigations. You can download EMET 5.1 from microsoft.com/emet or directly from here . Following is the...
10 Nov 2014
Protection strategies for the Security Advisory 2963983 IE 0day
SRD Blog Author
We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to...
30 Apr 2014
Continuing with Our Community Driven, Customer Focused Approach for EMET
The Enhanced Mitigation Experience Toolkit, best known as EMET, helps raise the bar against attackers gaining access to computer systems. Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Feedback both in forums...
30 Apr 2014
Security Advisory 2953095: recommendation to stay protected and for detections
Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect...
24 Mar 2014
When ASLR makes the difference
We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation...
12 Mar 2014
Announcing EMET 5.0 Technical Preview
Today, we are thrilled to announce a preview release of the next version of the Enhanced Mitigation Experience Toolkit, better known as EMET. You can download EMET 5.0 Technical Preview here . This Technical Preview introduces new features and enhancements that we expect to be key components of the final...
25 Feb 2014
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
SRD Blog Author
Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso...
19 Feb 2014
EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize
Last year at Black Hat Las Vegas, we announced the BlueHat Prize contest – a large cash prize awarded for defensive security research. One month ago , we announced the names of three finalists. On Thursday night shortly after 10 PM, at the Microsoft Researcher Appreciation Party, we will unveil...
25 Jul 2012
MS12-060: Addressing a vulnerability in MSCOMCTL.OCX's TabStrip control
Today we released MS12-060 , addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority...
14 Aug 2012
CVE-2013-3906: a graphics vulnerability exploited through Word documents
Recently we become aware of a vulnerability of a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we are...
5 Nov 2013
New vulnerability affecting Internet Explorer 8 users
Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe. More information about the vulnerability and exploit In this particular vulnerability...
29 Dec 2012
MSXML: Fix it before fixing it
Yesterday, Microsoft has released Security Advisory 2719615 , associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability...
14 Jun 2012
Mitigating Software Vulnerabilities
How can you protect yourself, your business, and your customers when faced with an unknown or unpatched software vulnerability? This question can be difficult to answer but it is nevertheless worthy of thoughtful consideration. One particularly noteworthy answer to this question is provided in the form...
12 Jul 2011
New version of EMET is now available
Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful...
18 May 2011
On the effectiveness of DEP and ASLR
DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there...
8 Dec 2010
Technical details of the targeted attack using IE vulnerability CVE-2013-3918
Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s UpdateTuesday...
12 Nov 2013
EMET 4.0 now available for download
We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit , best known as EMET, is now finally available for download. You can download it from http://www.microsoft.com/en-us/download/details.aspx?id=39273 . We already mentioned some of the new...
17 Jun 2013
Microsoft "Fix it" available to mitigate Internet Explorer 8 vulnerability
Today, we are making available a “Microsoft Fix it” solution to block attacks leveraging the Internet Explorer 8 (IE8) vulnerability described in Security Advisory 2847140 . This code-signed, easily downloadable and install-able Fix it package uses the Windows application compatibility toolkit...
9 May 2013
More information on Security Advisory 2757760's Fix It
Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more...
19 Sep 2012
DEP, EMET protect against attacks on the latest Internet Explorer vulnerability
Today we released Security Advisory 2458511 notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions...
3 Nov 2010
Blocking Exploit Attempts of the Recent Flash 0-Day
We’ve recently become aware of a new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player . This exploit differs from the typical Flash Player attacks we’ve seen where a victim is lured into browsing to a website hosting malicious Flash content. Instead, these attacks...
17 Mar 2011
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit
Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP). Normally Address Space Layout Randomization...
10 Sep 2010
A few more days before EMET 4
On May 8 th , we announced that EMET 4 would have been released today, May 28 th . Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more...
29 May 2013
EMET 3.0 support is now available for enterprise customers
We are pleased to announce that as of today customers with access to Microsoft Services Premier and Professional Support can receive EMET related technical assistance. This is an important step for us to better support professional and enterprise customers and answer questions related to EMET deployment...
12 Feb 2013
New Internet Explorer vulnerability affecting all versions of IE
Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...
23 Dec 2010
© 2014 Microsoft Corporation.
Privacy & Cookies