Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Attack Surface Reduction
Internet Explorer (IE)
License Logging Service
safe for initialization
safe for scripting
Windows Media components
Browse by Tags
Security Research & Defense
Assessing risk for the June 2014 security updates
Today we released seven security bulletins addressing 66 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment...
10 Jun 2014
Assessing risk for the May 2014 security updates
SRD Blog Author
Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environment...
13 May 2014
Protection strategies for the Security Advisory 2963983 IE 0day
SRD Blog Author
We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to...
30 Apr 2014
Assessing the risk of the February Security Bulletins
This morning, we released 13 security bulletins. Five have maximum severity rating of Critical, seven Important, and one Moderate. One security bulletin ( MS10-015 , ntvdm.dll) has exploit code already published, but we are not aware of any active attacks or customer impact. We hope that the table and...
9 Feb 2010
Reports of DEP being bypassed
Yesterday we heard reports of a commercially available exploit that bypasses DEP. This exploit was made available to a limited number of major security vendors (Antivirus, IDS, and IPS vendors) and government CERT agencies. We wanted to use this opportunity to give an overview of current customer risk...
20 Jan 2010
Preventing the exploitation of user mode heap corruption vulnerabilities
Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities in software. In addition to the mitigations that we...
4 Aug 2009
Introducing ModSecurity IIS 2.7.2 Stable Release
We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2 . Since the announcement of availability of the beta version in July 2012 , we have been working very hard to bring the quality of the module to meet the enterprise class...
11 Feb 2013
New Internet Explorer vulnerability affecting all versions of IE
Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof...
23 Dec 2010
Assessing the risk of the April security updates
Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack...
12 Apr 2011
MS09-024: Lower risk if you have Microsoft Word installed
Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS). Reduced impact if Microsoft Office is installed The Works converters included with Microsoft Word are vulnerable. However, the Microsoft Word installer does not...
9 Jun 2009
Assessing the risk of the October 2011 security updates
Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...
11 Oct 2011
Technical Analysis of the Top BlueHat Prize Submissions
Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important...
27 Jul 2012
Internet Explorer Mitigations for ATL Data Stream Vulnerabilities
IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034 . We would like to explain these mitigations in more...
28 Jul 2009
Vulnerabilities in DNS Server Could Allow Remote Code Execution
Today we released MS11-058 to address two vulnerabilities in the Microsoft DNS Service. One of the two issues, CVE-2011-1966, could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular...
9 Aug 2011
CVE-2013-3893: Fix it workaround available
Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks. This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is linked from...
17 Sep 2013
The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies...
2 Sep 2010
MS10-061: Printer Spooler Vulnerability
This morning we released security bulletin MS10-061 to address an issue in the Windows print spooler. In this blog post, we’d like to provide additional detail about the specific configurations of Windows that are vulnerable to this issue and more background on its connection to the Stuxnet malware...
14 Sep 2010
MS09-036: ASP.NET Denial-of-Service vulnerability
We have released MS09-036 to address an anonymous denial of service (DoS) vulnerability in ASP.NET. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? What could happen if my configuration is impacted? How can I protect myself? Which...
11 Aug 2009
New version of EMET is now available
Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful...
18 May 2011
More information on the impact of MS12-001
Today we released MS12-001, which addresses an issue that can enable an attacker to bypass a defense in depth feature known as SafeSEH. This bypass is limited in scope to applications that make use of binaries that were built with Microsoft Visual C++ .NET 2003 RTM. Binaries that have been built with...
10 Jan 2012
GS cookie protection – effectiveness and limitations
The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail about how GS works, so it may be helpful to...
17 Mar 2009
Assessing the risk of the September Critical security bulletins
This morning we released five security bulletins , all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words about each bulletin to help you prioritize your...
8 Sep 2009
Assessing risk for the April 2013 security updates
Today we released nine security bulletins addressing 13 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment...
9 Apr 2013
On the effectiveness of DEP and ASLR
DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there...
8 Dec 2010
Assessing risk for the February 2012 security updates
Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...
14 Feb 2012
© 2014 Microsoft Corporation.
Privacy & Cookies