Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
SRD Blog Author
Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso...
19 Feb 2014
CVE-2013-3906: a graphics vulnerability exploited through Word documents
Recently we became aware of a vulnerability in a Microsoft graphics component that is being actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we are...
5 Nov 2013
MSXML - 5 steps to stay protected
Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary. This post is going to focus on the first of the issues described in the above summary: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Step 1 – Be informed...
10 Jul 2012
Java: A Fix it for when you cannot let go
There is much to say about the use of Java in both consumer and enterprise environments. Like any other platform, it has both devoted supporters and fervent critics. But for most, Java is a requirement, a means to an end. In the past few years, Java as a platform has been the target of numerous malware...
29 May 2013
More information on Security Advisory 2757760's Fix It
Today, we revised Security Advisory 2757760 with two new pieces of information:
- A Fix It solution is available to address the vulnerability via an app-compat shim
- The comprehensive security update will be released out-of-band on Friday.
In this blog post, we’d like to explain more...
19 Sep 2012
MS13-080 addresses two vulnerabilities under limited, targeted attacks
Today we released MS13-080, which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that have been actively exploited in limited targeted attacks, which we will discuss in detail in this blog entry. CVE-2013-3893: the final...
8 Oct 2013
Microsoft "Fix it" available for Internet Explorer 6, 7, and 8
This past weekend we alerted you about a vulnerability present in Internet Explorer 6, 7, and 8 which has already been used in limited targeted attacks. Later versions of Internet Explorer (9 and 10) are not affected by this issue. As always, we recommend upgrading to the latest available. For those...
31 Dec 2012
MSXML: Fix it before fixing it
Yesterday, Microsoft released Security Advisory 2719615, associated with a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability: A vulnerability...
14 Jun 2012
© 2014 Microsoft Corporation.