Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Attack Surface Reduction
Enhanced Mitigation Experience Toolkit
Internet Explorer (IE)
safe for initialization
safe for scripting
Windows Media components
Browse by Tags
Security Research & Defense
MS14-025: An Update for Group Policy Preferences
SRD Blog Author
Today, we released an update to address a vulnerability in Group Policy Preferences ( MS14-025 ). Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...
13 May 2014
Announcing OffVis 1.0 Beta
We’ve gotten questions from security researchers and malware protection vendors about the binary file format used by Microsoft Word, PowerPoint, and Excel. The format specification is open and we have spoken at several conferences ( 1 , 2 , 3 ) about detecting malicious docs but we wanted to do more...
1 Aug 2009
The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies...
2 Sep 2010
MS08-042 : Understanding and detecting a specific Word vulnerability
A few weeks ago we posted a blog entry titled " How to parse the .doc file format ". Today's blog post will show you how to use that information to check whether a .doc file is specially crafted to exploit MS08-042, one of the vulnerabilities addressed by today's security updates. This particular vulnerability...
12 Aug 2008
OffVis updated, Office file format training video created
In July, we released a beta Office file format viewer application called OffVis as a downloadable tool. We are pleased today to announce an updated version of OffVis and a 30 minute training video to help you understand the legacy Office binary file format. OffVis 1.1 The community response to...
14 Sep 2009
New tools to block and eradicate SQL injection
The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is...
24 Jun 2008
© 2014 Microsoft Corporation.
Privacy & Cookies