Today, we are making available a “Microsoft Fix it” solution to block attacks leveraging the Internet Explorer 8 (IE8) vulnerability described in Security Advisory 2847140 . This code-signed, easily downloadable and install-able Fix it package uses the Windows application compatibility toolkit...

Three weeks ago, we released a beta version of EMET 4.0 to get feedback on the new EMET features and to get more real-world testing before the official release. We have been amazed and so grateful for the thousands of downloads and hundreds of emails with feature suggestions, bug reports, questions about...

Great news! Today we are proud to announce a beta release of the next version of the Enhanced Mitigation Experience Toolkit (EMET) – EMET 4.0. Download it here: http://www.microsoft.com/en-us/download/details.aspx?id=38761 EMET is a free utility that helps prevent memory corruption vulnerabilities...

We are pleased to announce that as of today customers with access to Microsoft Services Premier and Professional Support can receive EMET related technical assistance. This is an important step for us to better support professional and enterprise customers and answer questions related to EMET deployment...

Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe. More information about the vulnerability and exploit In this particular vulnerability...

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more...

Today we released MS12-060 , addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority...

Last year at Black Hat Las Vegas, we announced the BlueHat Prize contest – a large cash prize awarded for defensive security research. One month ago , we announced the names of three finalists. On Thursday night shortly after 10 PM, at the Microsoft Researcher Appreciation Party, we will unveil...

Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary . This post is going to focus on the first of the issues described in the above summary - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Step 1 – Be informed...

Yesterday, Microsoft has released Security Advisory 2719615 , associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability...

We are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0 . EMET it is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security...

How can you protect yourself, your business, and your customers when faced with an unknown or unpatched software vulnerability? This question can be difficult to answer but it is nevertheless worthy of thoughtful consideration. One particularly noteworthy answer to this question is provided in the form...

Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful...

We’ve recently become aware of a new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player . This exploit differs from the typical Flash Player attacks we’ve seen where a victim is lured into browsing to a website hosting malicious Flash content. Instead, these attacks...

Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there...

It’s recently come to our attention that some Enhanced Mitigation Experience Toolkit (EMET) v2.0 users may have potential issues with the update functionality of specific applications from Adobe and Google. As a result, today we released a new version of EMET that will help ensure these updaters...

Today we released Security Advisory 2458511 notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions...

Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP). Normally Address Space Layout Randomization...

Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies...

*** UPDATE: Version 2.0 of EMET is now available. Click here to read more about it . *** What is EMET? In October 2009, we released a tool on this blog called EMET that provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent...