About Security Research & Defense
The Security Research & Defense blog is intended to provide in-depth information to help keep customers more informed about security efforts at Microsoft. The blog provides information from the Microsoft Security Response Center (MSRC) Engineering team about vulnerabilities in Microsoft products, mitigations and workarounds for vulnerabilities and information on active attacks. Additionally the blog provides information about new security defenses and tools that the Microsoft Security Engineering Center (MSEC) Security Science team is working on.
MSRC Engineering discovers information during technical investigations into software security issues. Examples of the type of blog posts they make include:
- Workarounds that are not 100% effective in every situation, do not apply to every attack vector or are specific to a particular attack
- Complicated workarounds that work but cannot be recommended to all customers for various technical reasons
- Group policy deployment guidance
- “Best Practices” type guidance that applies to a particular vulnerability
- Interesting facts about a vulnerability that Microsoft is addressing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations
- Debugging techniques and information on how to triage security vulnerabilities
As always, Microsoft security bulletins or security advisories are the ultimate authority for security issues, but we’ll include juicy spill-over technical stuff in the SRD blog.
MSEC Security Science develops more effective and scalable ways to find vulnerabilities, researches and applies innovative exploit mitigation techniques to Microsoft products, and focuses on tracking and providing early warning of new exploits. Examples of posts they publish here include:
- General guidance from the team on more secure settings and specific mitigations
- Information about new security defenses that are being built into products
- Applied research that the Science team is working on for future use
We carefully review technical information prior to posting so that the content does not provide an advantage to someone with malicious intent. Helping to keep our customers more secure and well informed is our number one priority.
Comments are turned off since frankly, we’re concerned that if comments are allowed, we may see some inappropriate ones. Please do (emphatically) email your questions, feedback, and comments about the blog to us at switech@microsoft.com. While we can’t promise to address every comment, we will address comments in the blog as appropriate.
For more information please see the following links:
http://blogs.technet.com/msrc/archive/2005/07/15/407755.aspx
http://www.microsoft.com/technet/archive/security/bestprac/secwinin.mspx?mfr=true
About the Security Research & Defense Bloggers:
Kevin Brown Bio:
Kevin has been programming since he discovered BASIC on his TI-99/4A as a kid. As a BBS sysop in the 90’s, he learned the need for security first hand. Several years ago, while confined to the couch with a debilitating injury, he entertained himself by writing his first security tools. After making a full recovery, Kevin decided getting paid to do security work would be even better. He now enjoys studying the root causes of vulnerabilities and looking for new and interesting ways to protect our customers and make our software more resilient to attack. Kevin lives in the United Kingdom with his wife Jessica, and their small herd of cats.
Brian Cavenah Bio:
Brian Cavenah is a Security Software Engineer in the MSRC Engineering team at Microsoft. He enjoys taking things apart and putting them back together again, which explains his fulfillment in discovering, exploiting, and securing software vulnerabilities. Brian enjoys being here in Seattle, and would like to someday build a high-tech greenhouse.
Chengyun Chu Bio: Chengyun Chu is a security software engineer in MSRC Engineering. His first encounter with malware happened during a course project when his FORTRAN program (edited so painfully using EDLIN in DOS) was wiped out without his approval. Ever since, he swore to defend his machine, and finally located his dream job at Microsoft, on the MSRC Engineering team. He loves hiking, badminton, and PC games like Warcraft/Starcraft. His latest favorite toy is the Wii. Sorry Xbox 360.
Bruce Dang Bio: During the day, Bruce works in the Microsoft Security Response Center Engineering group and dedicates his time to protecting customers from various types of malicious software on the Internet. Sometimes this involves helping customers write generic signatures to detect exploits at various layers in the stack. At night, he reads non-technical books and sleeps. Once in a while, he analyzes random file format exploits. In his free time, he enjoys reading and learning about computer security, linguistics, philosophy, and history.
Mark Debenham Bio: Mark joined the company in the summer of 2006, where we greeted him with MS06-040, which made him decide that he needed to run Windows for the very first time (excluding IDA Pro use!). Mark now spends his time in the cloud and moonlights with virtualization technologies. He promises customers he doesn’t have spare time, but if he did he’d use it to catch up with friends and ensure quality control of beer-based technologies wherever they may be found.
Nick Finco Bio:
Found under a pseudo-random tree somewhere in Montana, Nick has been breaking software ever since his school administrators tried to prevent computer gaming during class. Upon joining Microsoft, he worked in the Windows Security Management team for years. Finally, his desire to pen test software pushed him into the MSRC Engineering team, where he worked with Rob and Damian to create the team and refine its processes into the well-oiled machine it is today. Currently, Nick is a member of the MSRC Engineering team, where he continues to expand his expertise while tracking down those wily security bugs.
Damian Hasse Bio:
Damian Hasse, Principal Security Development Manager at Microsoft, manages the Microsoft Security Response Center (MSRC) Engineering team of security researchers that investigate vulnerabilities and security threats as part of the MSRC process, as well as the Microsoft Security Engineering Center (MSEC) Pen Test team which helps to review Microsoft products for security issues before they are released.
The MSRC Engineering teams work on every MSRC case to help improve the guidance and protection we provide our customers. We do this through our security updates. As part of our role, we discover additional attack vectors and new exploitation techniques, and adapt quickly to stay ahead of the ever-evolving security ecosystem. We also analyze each MSRC vulnerability and determine mitigations and workarounds, which get published in the bulletins.
The teams also provide forward-looking security guidance to product teams within Microsoft, impacting products and services before and after release. We ultimately help to protect Microsoft customers from getting their systems compromised by building more resilient software. This is all part of the security pillar of Trustworthy Computing at Microsoft (http://www.microsoft.com/mscorp/twc/default.mspx).
Robert Hensing Bio:
Robert Hensing, a 10+ year veteran of Microsoft, is a Software Security Engineer on the Microsoft Security Response Center Engineering team, a role which he has been in for the last 4 years. Robert works closely with the Microsoft Security Response Center with a focus on identifying mitigations and workarounds for product vulnerabilities that can be documented in advisories and bulletins to help protect customers from attacks. Prior to working on the MSRC Engineering team, Robert was a senior member of the Customer Support Services Security team where he helped customers with incident response related investigations.
Matt Miller Bio: Matt Miller has been an active member of the security research and development community where he focuses primarily on areas relating to exploitation technology and reverse engineering. Matt joined the Metasploit project in 2004 and contributed to the advancement of the Metasploit framework. Some of these advancements included the Meterpreter, VNC injection, and his work as a core developer on Metasploit 3.0. Matt is also an editor and contributor to the Uninformed Journal which is a free, community-driven outlet for new research. Matt's contributions to the journal have included papers on bypassing PatchGuard and DEP, as well as other techniques that can be used to improve or inhibit exploit reliability. In addition to his work with Metasploit and Uninformed, Matt also developed a functional implementation of Address Space Layout Randomization (ASLR) for Windows 2000, Windows XP, and Windows Server 2003 prior to the integration of ASLR into Windows Vista. Matt recently joined the Microsoft Security Engineering Science team where he is currently focused on program security analysis and exploit mitigations.
Jonathan Ness Bio:
Jonathan Ness leads the MSRC Engineering team of software security engineers at Microsoft. He joined Microsoft in March 2003 as a member of the MSRC Engineering team (then the Secure Windows Initiative (SWI) Attack Team). He and his defense team generate mitigations and workarounds for use in the monthly Microsoft security bulletins, produce detailed vulnerability documentation for MSRC cases, and act as engineering technical lead for the Microsoft company-wide Software Security Incident Response Process (http://www.microsoft.com/security/msrc/incident_response.mspx#ESB).
Things Jonathan loves about Microsoft:
- Helping make hundreds of millions of computers more secure every month
- Working every day with some of the smartest security engineers in the world who all care passionately about protecting customers
- Finding ways to convey enough details about a vulnerability to help protect customers but not enough for that information to spawn exploits
- Helping customers find ways to reduce attack surface and protect themselves from attacks
Outside Microsoft work, Jonathan thinks about security pretty much all the time. One weekend each month and several weeks each year, he participates as a member of a reserve military unit helping to protect DoD networks. Jonathan has written two books: Gray Hat Hacking (published in 2004) and Gray Hat Hacking, Second Edition (2008). In his spare time, he enjoys his video editing hobby and mentoring youth at his church. He lives a bit north of Redmond with his wife Jessica and their cat Chewey.
Fermin J. Serna Bio:
Fermin J. Serna is a Security Software Engineer in the MSRC Engineering team. Prior to joining Microsoft, he spent 7 years in Spain working as a penetration tester and, more recently, running his own company in the security field. He has collaborated with US-CERT in the responsible disclosure of several vulnerabilities, such as CA-2002-12 for ISC-DHCP, and published documents on exploitation techniques on rare architectures such as SPARC and PA-RISC. He loves security, coding, challenges, and chess.
Gavin Thomas Bio:
In 2006, Gavin joined the Microsoft Security Response Center (MSRC) Engineering (React) team as a Security Software Engineer. He thoroughly enjoys breaking software and finding new and innovative techniques to do it, and he always relishes a challenge. Prior to joining Microsoft, he worked as a software security specialist for the UK government. Gavin and his family currently live in the UK.
Matt Thomlinson Bio:
Matt Thomlinson is the Senior Director of security engineering in the Trustworthy Computing Group at Microsoft. His teams are responsible for proactively implementing tools and processes to help secure Microsoft products and services, like the Security Development Lifecycle (SDL), as well as reacting to the technical aspects of security response. Matt also leads a security research group that is charged with furthering security science in order to better secure products and develop new vulnerability mitigations for products.
Mark Wodrich Bio:
Mark Wodrich is a Security Software Engineer in the MSRC Engineering team. He spent several years working on various networking technologies at Microsoft before joining MSRC Engineering, which explains why he has fond feelings for all network-based vulnerabilities. In his spare time he enjoys travel, hiking and snowshoeing, good food and wine.
Greg Wroblewski Bio:
Greg Wroblewski, Senior Security Software Engineer, drives the technical side of the security response process at Microsoft. His experience at breaking things started at the age of three, when he successfully broke a power outlet. Surviving this achievement, he decided to move his attention towards low-voltage devices. Guided by his parents, he eventually settled on software breaking and protecting techniques. Currently, as a member of the MSRC Engineering team, he is well known for always keeping his development environment updated with the newest malware available. Since the time of the WMF vulnerability outbreak, he keeps his office equipped with a reasonable amount of water, MREs and fire logs. Always prepared to keep customers secure.
David Ross Bio:
David Ross is a Principal Security Software Engineer on the MSRC Engineering team. David lives and breathes browser and web application security. Prior to joining MSRC Engineering in 2002, David spent his formative years at Microsoft on the Internet Explorer Security Team and wears the battle scars with pride. David’s blog: http://blogs.msdn.com/dross
Andrew Roths Bio:
Andrew Roths manages one of two MSRC Engineering teams. His team is responsible for triaging externally discovered security issues and helping to ensure they are addressed appropriately. Other responsibilities of his team include hunting for variations of security issues and providing technical guidance to customers. Prior to being a manager, Andrew was part of Microsoft’s Security Engineering Center (MSEC). Outside of work, Andrew spends much of his free time cycling around the back roads of the Seattle area.