Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Attack Surface Reduction
Internet Explorer (IE)
safe for initialization
safe for scripting
Windows Media components
Browse by Tags
Security Research & Defense
EMET 5.2 is available (update)
Today, we’re releasing the Enhanced Mitigation Experience Toolkit (EMET) 5.2, which includes increased security protections to improve your security posture. You can download EMET 5.2 from microsoft.com/emet or directly from here . Following is the list of the main changes and improvements:...
16 Mar 2015
Assessing risk for the August 2014 security updates
SRD Blog Author
Today we released nine security bulletins addressing 37 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment...
12 Aug 2014
Assessing risk for the June 2014 security updates
Today we released seven security bulletins addressing 66 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment...
10 Jun 2014
Assessing risk for the May 2014 security updates
SRD Blog Author
Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environment...
13 May 2014
Protection strategies for the Security Advisory 2963983 IE 0day
SRD Blog Author
We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to...
30 Apr 2014
Safe Unlinking in the Kernel Pool
The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the first version of Windows with some of these integrity...
26 May 2009
Assessing the risk of the February Security Bulletins
This morning, we released 13 security bulletins. Five have maximum severity rating of Critical, seven Important, and one Moderate. One security bulletin ( MS10-015 , ntvdm.dll) has exploit code already published, but we are not aware of any active attacks or customer impact. We hope that the table and...
9 Feb 2010
Reports of DEP being bypassed
Yesterday we heard reports of a commercially available exploit that bypasses DEP. This exploit was made available to a limited number of major security vendors (Antivirus, IDS, and IPS vendors) and government CERT agencies. We wanted to use this opportunity to give an overview of current customer risk...
20 Jan 2010
Preventing the exploitation of user mode heap corruption vulnerabilities
Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities in software. In addition to the mitigations that we...
4 Aug 2009
Introducing ModSecurity IIS 2.7.2 Stable Release
We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2 . Since the announcement of availability of the beta version in July 2012 , we have been working very hard to bring the quality of the module to meet the enterprise class...
11 Feb 2013
New Internet Explorer vulnerability affecting all versions of IE
Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...
23 Dec 2010
Assessing the risk of the April security updates
Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack...
12 Apr 2011
MS09-024: Lower risk if you have Microsoft Word installed
Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS). Reduced impact if Microsoft Office is installed The Works converters included with Microsoft Word are vulnerable. However, the Microsoft Word installer does not...
9 Jun 2009
Assessing the risk of the October 2011 security updates
Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...
11 Oct 2011
Technical Analysis of the Top BlueHat Prize Submissions
Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important...
27 Jul 2012
Internet Explorer Mitigations for ATL Data Stream Vulnerabilities
IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034 . We would like to explain these mitigations in more...
28 Jul 2009
Vulnerabilities in DNS Server Could Allow Remote Code Execution
Today we released MS11-058 to address two vulnerabilities in the Microsoft DNS Service. One of the two issues, CVE-2011-1966, could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular...
9 Aug 2011
CVE-2013-3893: Fix it workaround available
Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks. This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is linked from...
17 Sep 2013
The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies...
2 Sep 2010
MS08-043 : How to prevent this information disclosure vulnerability
In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to...
12 Aug 2008
MS10-065: Exploitability of the IIS FastCGI request header vulnerability
This month, Microsoft released an update for IIS that addresses three vulnerabilities. The blog post focuses on one of these: the Request Header Buffer Overflow Vulnerability (CVE-2010-2730), which affects IIS version 7.5 and has a maximum security impact of Remote Code Execution (RCE). Below we provide...
14 Sep 2010
Assessing the risk of the September security updates
Today we released nine security bulletins . Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that...
14 Sep 2010
Clarification on the various workarounds from the recent IE advisory
Today Microsoft revised the Workarounds section of Security Advisory 961051 . We wanted to share more detail about the vulnerability and explain the additional workarounds here to help you protect your computers. Information about the vulnerability The vulnerability is caused by memory corruption...
13 Dec 2008
Assessing risk for the November 2012 security updates
Today we released six security bulletins addressing 19 CVE’s. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of...
13 Nov 2012
MS09-048: TCP/IP vulnerabilities
This month we released MS09-048 which addresses three vulnerabilities in the Windows TCP/IP stack. One of the vulnerabilities, CVE-2009-1925, is rated Critical due to the risk of Remote Code Execution (RCE). The other two vulnerabilities are Denial of Service (DoS) issues (due to memory exhaustion) without...
8 Sep 2009
© 2015 Microsoft Corporation.
Privacy & Cookies