Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Postings are provided "AS IS" with no warranties, and confer no rights.
New vulnerability affecting Internet Explorer 8 users
Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe. More information about the vulnerability and exploit In this particular vulnerability...
29 Dec 2012
Help and Support Center vulnerability full-disclosure posting
Yesterday evening, one of Google’s security researchers publicly released vulnerability details and a working exploit for an unpatched vulnerability in Windows XP and Windows Server 2003. This afternoon, we’ve released security advisory 2219475 with official guidance. We’d like to use...
10 Jun 2010
CVE-2013-3893: Fix it workaround available
Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks. This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is linked from...
17 Sep 2013
Running in the wild, not for so long
Over the weekend we received a report from our partners about a possible unpatched Internet Explorer vulnerability being exploited in the wild. The exploit code uses a memory corruption bug triggered from a webpage but it deeply leverages a Flash SWF file in order to achieve reliable exploitation and...
11 Jul 2013
Assessing risk of IE 0day vulnerability
Yesterday, the MSRC released Microsoft Security Advisory 979352 alerting customers to limited, sophisticated attacks targeting Internet Explorer 6 customers. Today, samples of that exploit were made publicly available. Before we get into the details I want to make one thing perfectly clear. The attacks...
16 Jan 2010
Microsoft "Fix it" available to mitigate Internet Explorer 8 vulnerability
Today, we are making available a “Microsoft Fix it” solution to block attacks leveraging the Internet Explorer 8 (IE8) vulnerability described in Security Advisory 2847140. This code-signed, easily downloadable and installable Fix it package uses the Windows application compatibility toolkit...
9 May 2013
Update on the SMB vulnerability situation
We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008. Easy way to disable SMBv2 First exploit for code execution released to small number of companies Mitigations...
18 Sep 2009
MS13-080 addresses two vulnerabilities under limited, targeted attacks
Today we released MS13-080, which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that have been actively exploited in limited targeted attacks, which we will discuss in detail in this blog entry. CVE-2013-3893: the final...
8 Oct 2013
New version of EMET is now available
Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful...
18 May 2011
Technical details of the targeted attack using IE vulnerability CVE-2013-3918
Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s Update Tuesday...
12 Nov 2013