Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Assessing the risk of the February Security Bulletins

    This morning, we released 13 security bulletins. Five have maximum severity rating of Critical, seven Important, and one Moderate. One security bulletin ( MS10-015 , ntvdm.dll) has exploit code already published, but we are not aware of any active attacks or customer impact. We hope that the table and...
  • Blog Post: Reports of DEP being bypassed

    Yesterday we heard reports of a commercially available exploit that bypasses DEP. This exploit was made available to a limited number of major security vendors (Antivirus, IDS, and IPS vendors) and government CERT agencies. We wanted to use this opportunity to give an overview of current customer risk...
  • Blog Post: Preventing the exploitation of user mode heap corruption vulnerabilities

    Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities in software. In addition to the mitigations that we...
  • Blog Post: Introducing ModSecurity IIS 2.7.2 Stable Release

    We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2 . Since the announcement of availability of the beta version in July 2012 , we have been working very hard to bring the quality of the module to meet the enterprise class...
  • Blog Post: New Internet Explorer vulnerability affecting all versions of IE

    Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...
  • Blog Post: Assessing the risk of the April security updates

    Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack...
  • Blog Post: MS09-024: Lower risk if you have Microsoft Word installed

    Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS). Reduced impact if Microsoft Office is installed The Works converters included with Microsoft Word are vulnerable. However, the Microsoft Word installer does not...
  • Blog Post: Assessing the risk of the October 2011 security updates

    Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...
  • Blog Post: Technical Analysis of the Top BlueHat Prize Submissions

    Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important...
  • Blog Post: Internet Explorer Mitigations for ATL Data Stream Vulnerabilities

    IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034 . We would like to explain these mitigations in more...
  • Blog Post: Vulnerabilities in DNS Server Could Allow Remote Code Execution

    Today we released MS11-058 to address two vulnerabilities in the Microsoft DNS Service. One of the two issues, CVE-2011-1966, could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular...
  • Blog Post: CVE-2013-3893: Fix it workaround available

    Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks. This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is linked from...
  • Blog Post: The Enhanced Mitigation Experience Toolkit 2.0 is Now Available

    Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies...
  • Blog Post: MS08-043 : How to prevent this information disclosure vulnerability

    In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to...
  • Blog Post: MS10-065: Exploitability of the IIS FastCGI request header vulnerability

    This month, Microsoft released an update for IIS that addresses three vulnerabilities. The blog post focuses on one of these: the Request Header Buffer Overflow Vulnerability (CVE-2010-2730), which affects IIS version 7.5 and has a maximum security impact of Remote Code Execution (RCE). Below we provide...
  • Blog Post: Assessing the risk of the September security updates

    Today we released nine security bulletins . Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that...
  • Blog Post: Clarification on the various workarounds from the recent IE advisory

    Today Microsoft revised the Workarounds section of Security Advisory 961051 . We wanted to share more detail about the vulnerability and explain the additional workarounds here to help you protect your computers. Information about the vulnerability The vulnerability is caused by memory corruption...
  • Blog Post: Assessing risk for the November 2012 security updates

    Today we released six security bulletins addressing 19 CVE’s. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of...
  • Blog Post: MS09-048: TCP/IP vulnerabilities

    This month we released MS09-048 which addresses three vulnerabilities in the Windows TCP/IP stack. One of the vulnerabilities, CVE-2009-1925, is rated Critical due to the risk of Remote Code Execution (RCE). The other two vulnerabilities are Denial of Service (DoS) issues (due to memory exhaustion) without...
  • Blog Post: MS10-001: Font file decompression vulnerability

    MS10-001 addresses a vulnerability (CVE-2010-0018 ) in the LZCOMP de-compressor for Microtype Express Fonts. This blog aims to answer some questions regarding the updates we’ve made in this area. What is the issue? t2embed.dll improperly performs bounds-checking on lengths which are decoded from the...
  • Blog Post: More information on Security Advisory 2737111

    Today we released Security Advisory 2737111 to describe the way in which vulnerabilities in Oracle’s Outside In technology impact the document preview functionality of Microsoft Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint. In this blog, we would like to discuss the...
  • Blog Post: SEHOP per-process opt-in support in Windows 7

    In a previous blog post we discussed the technical details of Structured Exception Handler Overwrite Protection (SEHOP) which is an exploit mitigation feature that was first introduced in Windows Vista SP1 and Windows Server 2008 RTM. SEHOP prevents attackers from being able to use the Structured Exception...
  • Blog Post: Details on the New TLS Advisory

    Security Advisory 977377: Vulnerability in TLS Could Allow Spoofing In August of 2009, researchers at PhoneFactor discovered a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. As the issue is present in the actual TLS/SSL-standard, not only our implementation...
  • Blog Post: MS09-023: Windows Search and MSHTML Host Apps

    Today, we released MS09-023, a bulletin for Windows Search 4.0. It is an information disclosure vulnerability rated as Moderate. We would like to go into more details in this blog to help you understand: What is the attack vector? Why is this vulnerability rated as Moderate? What is the risk...
  • Blog Post: MS07-065 - The case of the significant suffix

    MS07-065 fixed a vulnerability in the Message Queueing service. On Windows 2000, a remote anonymous attacker could use this vulnerability to run code as local system on unpatched machines. Windows XP added defense-in-depth hardening to disallow remote access for this service that does not need to be...