Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Protection strategies for the Security Advisory 2963983 IE 0day

    We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to...
  • Blog Post: Continuing with Our Community Driven, Customer Focused Approach for EMET

    The Enhanced Mitigation Experience Toolkit, best known as EMET, helps raise the bar against attackers gaining access to computer systems. Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Feedback both in forums...
  • Blog Post: Security Advisory 2953095: recommendation to stay protected and for detections

    Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect...
  • Blog Post: When ASLR makes the difference

    We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation...
  • Blog Post: Announcing EMET 5.0 Technical Preview

    Today, we are thrilled to announce a preview release of the next version of the Enhanced Mitigation Experience Toolkit, better known as EMET. You can download EMET 5.0 Technical Preview here . This Technical Preview introduces new features and enhancements that we expect to be key components of the final...
  • Blog Post: Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

    Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso...
  • Blog Post: EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize

    Last year at Black Hat Las Vegas, we announced the BlueHat Prize contest – a large cash prize awarded for defensive security research. One month ago , we announced the names of three finalists. On Thursday night shortly after 10 PM, at the Microsoft Researcher Appreciation Party, we will unveil...
  • Blog Post: MS12-060: Addressing a vulnerability in MSCOMCTL.OCX's TabStrip control

    Today we released MS12-060 , addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority...
  • Blog Post: CVE-2013-3906: a graphics vulnerability exploited through Word documents

    Recently we become aware of a vulnerability of a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we are...
  • Blog Post: New version of EMET is now available

    Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful...
  • Blog Post: On the effectiveness of DEP and ASLR

    DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there...
  • Blog Post: Technical details of the targeted attack using IE vulnerability CVE-2013-3918

    Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s UpdateTuesday...
  • Blog Post: MSXML: Fix it before fixing it

    Yesterday, Microsoft has released Security Advisory 2719615 , associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability...
  • Blog Post: Mitigating Software Vulnerabilities

    How can you protect yourself, your business, and your customers when faced with an unknown or unpatched software vulnerability? This question can be difficult to answer but it is nevertheless worthy of thoughtful consideration. One particularly noteworthy answer to this question is provided in the form...
  • Blog Post: New vulnerability affecting Internet Explorer 8 users

    Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe. More information about the vulnerability and exploit In this particular vulnerability...
  • Blog Post: EMET 4.0 now available for download

    We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit , best known as EMET, is now finally available for download. You can download it from http://www.microsoft.com/en-us/download/details.aspx?id=39273 . We already mentioned some of the new...
  • Blog Post: Microsoft "Fix it" available to mitigate Internet Explorer 8 vulnerability

    Today, we are making available a “Microsoft Fix it” solution to block attacks leveraging the Internet Explorer 8 (IE8) vulnerability described in Security Advisory 2847140 . This code-signed, easily downloadable and install-able Fix it package uses the Windows application compatibility toolkit...
  • Blog Post: More information on Security Advisory 2757760's Fix It

    Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more...
  • Blog Post: DEP, EMET protect against attacks on the latest Internet Explorer vulnerability

    Today we released Security Advisory 2458511 notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions...
  • Blog Post: Blocking Exploit Attempts of the Recent Flash 0-Day

    We’ve recently become aware of a new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player . This exploit differs from the typical Flash Player attacks we’ve seen where a victim is lured into browsing to a website hosting malicious Flash content. Instead, these attacks...
  • Blog Post: Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

    Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP). Normally Address Space Layout Randomization...
  • Blog Post: A few more days before EMET 4

    On May 8 th , we announced that EMET 4 would have been released today, May 28 th . Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more...
  • Blog Post: EMET 3.0 support is now available for enterprise customers

    We are pleased to announce that as of today customers with access to Microsoft Services Premier and Professional Support can receive EMET related technical assistance. This is an important step for us to better support professional and enterprise customers and answer questions related to EMET deployment...
  • Blog Post: New Internet Explorer vulnerability affecting all versions of IE

    Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...
  • Blog Post: MS13-051: Get Out of My Office!

    MS13-051 addresses a security vulnerability in Microsoft Office 2003 and Office for Mac. Newer versions of Microsoft Office for Windows are not affected by this vulnerability, but the newest version of Office for Mac (2011) is affected. We have seen this vulnerability exploited in targeted 0day attacks...