Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Help keypress vulnerability in VBScript enabling Remote Code Execution

    The MSRC Engineering team has been investigating reports of a vulnerability involving the use of VBScript and Windows Help files. What is the impact and affected platforms? Our investigation has determined that Windows 7, Windows Server 2008, and Windows Vista are not impacted. Only Windows...
  • Blog Post: Assessing the risk of the June security updates

    Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately...
  • Blog Post: MS13-080 addresses two vulnerabilities under limited, targeted attacks

    Today we released MS13-080 which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that haven been actively exploited in limited targeted attacks, which we will discuss in details in this blog entry. CVE-2013-3893: the final...
  • Blog Post: New Bounty Program Details

    Today we announced the upcoming Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty program. It’s very exciting to finally take the wraps off of these initiatives and we are anticipating some great submissions from the security research community...
  • Blog Post: Assessing the risk of public issues currently being tracked by the MSRC

    At Microsoft, as at most large software vendors, we are likely to have publicly known issues under investigation at any given time. This is what we do on the Security Research & Defense team. Recently we’ve seen confusion from folks trying to make sense of some of the current public issues...
  • Blog Post: MS10-035: Cross-Domain Information Disclosure Vulnerability

    Today we released MS10-035 , a security update with an Important severity update, addressing CVE-2010-0255. We’d like to talk briefly about that specific vulnerability and how we’ve addressed it. Background information This issue primarily impacts Internet Explorer running on...
  • Blog Post: Technical details of the targeted attack using IE vulnerability CVE-2013-3918

    Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s UpdateTuesday...
  • Blog Post: Assessing the risk of the June Security Bulletins

    Today we released ten security bulletins . Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...