Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

    Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso...
  • Blog Post: CVE-2013-3906: a graphics vulnerability exploited through Word documents

    Recently we become aware of a vulnerability of a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we are...
  • Blog Post: MSXML - 5 steps to stay protected

    Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary . This post is going to focus on the first of the issues described in the above summary - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Step 1 – Be informed...
  • Blog Post: Java: A Fix it for when you cannot let go

    There is much to say about the use of Java in both consumer and enterprise environments. Like any other platforms, it has both devoted supporters and fervent critics. But for most, Java is a requirement, a means to an end. In the past few years, Java as a platform has been the target of numerous malware...
  • Blog Post: More information on Security Advisory 2757760's Fix It

    Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more...
  • Blog Post: MS13-080 addresses two vulnerabilities under limited, targeted attacks

    Today we released MS13-080 which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that haven been actively exploited in limited targeted attacks, which we will discuss in details in this blog entry. CVE-2013-3893: the final...
  • Blog Post: Microsoft "Fix it" available for Internet Explorer 6, 7, and 8

    This past weekend we have alerted you about a vulnerability present in Internet Explorer 6, 7, and 8 which has already been used in limited targeted attacks. Later versions of Internet Explorer (9 and 10) are not affected by this issue. As always, we recommend upgrading to the latest available. For those...
  • Blog Post: MSXML: Fix it before fixing it

    Yesterday, Microsoft has released Security Advisory 2719615 , associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability...