Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Internet Explorer Mitigations for ATL Data Stream Vulnerabilities

    IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034 . We would like to explain these mitigations in more...
  • Blog Post: MSVIDCTL (MS09-032) and the ATL vulnerability

    Today we have released Security Advisory 973882 that describes vulnerabilities in the Microsoft Active Template Library (ATL), as well as security updates for Internet Explorer ( MS09-034 ) and Visual Studio ( MS09-035 ). The Visual Studio update addresses several vulnerabilities in the public versions...
  • Blog Post: The Kill-Bit FAQ: Part 1 of 3

    It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the first part of a three-part FAQ we have developed to answer some questions around the Kill-Bit and related functionality. The Kill-Bit FAQ – Part 1 of 3 What...
  • Blog Post: The Kill-Bit FAQ: Part 2 of 3

    It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the second part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 2 of 3 How do ActiveX Controls, OLE Controls, and COM Objects relate...
  • Blog Post: MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control

    MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first...
  • Blog Post: Why there won't be a security update for WkImgSrv.dll

    Recently, there was a public post in milw0rm ( http://www.milw0rm.com/exploits/5530 ), talking about an issue in the ActiveX control of Microsoft Works 7 WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog also had a post about this ( http://www.avertlabs...
  • Blog Post: The Kill-Bit FAQ: Part 3 of 3

    It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the final part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 3 of 3 Are there issues that could complicate the implementation of a Kill-Bit based fix...
  • Blog Post: Assessing the risk of public issues currently being tracked by the MSRC

    At Microsoft, as at most large software vendors, we are likely to have publicly known issues under investigation at any given time. This is what we do on the Security Research & Defense team. Recently we’ve seen confusion from folks trying to make sense of some of the current public issues...
  • Blog Post: More information about the Office Web Components ActiveX vulnerability

    We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). Microsoft has released an advisory with further information available here . What’s the attacking vector? This vulnerability could be used for...
  • Blog Post: MS08-023: Same bug, four different security bulletin ratings

    Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in a Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit works, see the excellent three-part series ...
  • Blog Post: More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090)

    This month we released MS11-090 to address a vulnerability in the Microsoft Time component (CVE-2011-3397), which features the deprecated time behavior that is still supported in IE6. We would like to provide further information about this issue and help explain why a “binary behavior kill bit”...
  • Blog Post: New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll

    We are aware of active attacks exploiting a remote code execution vulnerability in Microsoft’s MPEG2TuneRequest ActiveX Control Object. We have released advisory 972890 providing guidance to help our customers stay protected. In this blog post, we’d like to go into more detail to help you understand...
  • Blog Post: MS08-050 : Locking an ActiveX control to specific applications.

    MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to take. During the extensive testing that each security...
  • Blog Post: ATL vulnerability developer deep dive

    This morning we released MS09-035 to address ATL vulnerabilities in Visual Studio. This blog post will help you answer the following questions: What are the ATL vulnerabilities? Which versions of ATL are vulnerable? How can I tell if my ActiveX control is affected? How can I fix a vulnerable...
  • Blog Post: New vulnerability in quartz.dll Quicktime parsing

    Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which...
  • Blog Post: Bulletin severity for October bulletins

    Bulletin severity is an interesting topic to many blog readers. We often hear that you think a bulletin should be rated higher or lower. Sometimes we even hear one person suggesting a higher rating and another suggesting a lower rating for the same issue. J This post is not to advocate for or against...
  • Blog Post: Overview of the out-of-band release

    Today we released Security Advisory 973882 and with it, two out-of-band security bulletins. These updates are MS09-034 (an Internet Explorer update) and MS09-035 (a Visual Studio update). At this time for customers who have applied MS09-032 we are not aware of any “in the wild” exploits that leverage...