Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Assessing risk for the August 2013 security updates

    Today we released eight security bulletins addressing 23 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment...
  • Blog Post: Software defense: mitigating common exploitation techniques

    In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption , heap corruption , and unsafe list management and reference count mismanagement...
  • Blog Post: Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1

    In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’re releasing a...
  • Blog Post: Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063

    Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). As we’ve described in the past , these mitigations...
  • Blog Post: MS10-104: SharePoint 2007 Vulnerability

    Today we released MS10-104 to address vulnerability CVE-2010-3964 in SharePoint 2007 server with an important severity rating. In this blog, we would like to cover some additional details of this vulnerability. Is my SharePoint server affected by this vulnerability? There are two types of...