Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS11-034: Addressing vulnerabilities in the win32k subsystem

    Today we released security bulletin MS11-034 to address vulnerabilities in the win32k subsystem. This update addresses externally reported issues as well as several internally found vulnerabilities that were discovered as part of our variant investigation. The bulletin may appear to address an alarmingly...
  • Blog Post: MS10-048 an explanation of the Defense in Depth fixes

    Today we released several fixes on MS10-048 affecting the win32k.sys kernel component. The most severe vulnerability allows a local user to perform an authenticated elevation of privileges, with no possible remote vector. This update also includes several “Defense in Depth” measures...
  • Blog Post: MS08-025: Win32k vulnerabilities

    MS08-025 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector we are aware of. One of these vulnerabilities deals on how we can bypass some of the ProbeForWrite and ProbeForRead checks...
  • Blog Post: MS08-061 : The case of the kernel mode double-fetch

    MS08-061 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector based on our investigation of the vulnerability. One of these vulnerabilities involves multiple kernel mode accesses...
  • Blog Post: Latest Baidu public posting requires Adminisrator to elevate

    Last night we noticed a Windows XP kernel 0day claim in win32k!NtUserConsoleControl posted on baidu.com. We took a quick look and found that the issue requires administrator privileges to execute. We are still investigating, looking for any chance of privilege escalation but so far it looks like a...
  • Blog Post: MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

    Today we released a security update rated Important for CVE-2010-1255 in MS10-032 . This vulnerability affects the win32k.sys driver. This blog post provides more information about this vulnerability that can help with prioritizing the deployment of updates this month. What’s the...
  • Blog Post: Assessing the risk of the June Security Bulletins

    Today we released ten security bulletins . Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most...