Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS08-025: Win32k vulnerabilities

    MS08-025 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector we are aware of. One of these vulnerabilities deals on how we can bypass some of the ProbeForWrite and ProbeForRead checks...
  • Blog Post: MS08-061 : The case of the kernel mode double-fetch

    MS08-061 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector based on our investigation of the vulnerability. One of these vulnerabilities involves multiple kernel mode accesses...
  • Blog Post: MS08-066 : Catching and fixing a ProbeForRead / ProbeForWrite bypass

    The driver afd.sys is responsible for handling socket connections. MS08-066 addresses several vulnerabilities in afd.sys that could allow an attacker to execute arbitrary code in kernel mode. These vulnerabilities can only be exploited locally and there is no remote vector from our investigations. ...