Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Defense-in-depth   (RSS)
Friday, November 20, 2009 4:09 PM

SEHOP per-process opt-in support in Windows 7

In a previous blog post we discussed the technical details of Structured Exception Handler Overwrite Protection (SEHOP) which is an exploit mitigation feature that was first introduced in Windows Vista SP1 and Windows Server 2008 RTM. SEHOP prevents attackers
Posted by swiblog | (Comments Off)
Monday, October 12, 2009 7:27 AM

New attack surface reduction feature in GDI+

MS09-062 fixes several vulnerabilities in GDI+ related to image parsing. It also includes a feature which allows administrators to disable parsing for each of the different image formats. This feature was publicly released early this year in an optional
Posted by swiblog | (Comments Off)
Tuesday, September 08, 2009 9:57 AM

Assessing the risk of the September Critical security bulletins

This morning we released five security bulletins , all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words
Posted by swiblog | (Comments Off)
Tuesday, August 04, 2009 12:33 PM

Preventing the exploitation of user mode heap corruption vulnerabilities

Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities
Posted by swiblog | (Comments Off)
Tuesday, July 28, 2009 9:57 AM

Internet Explorer Mitigations for ATL Data Stream Vulnerabilities

IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034 . We
Posted by swiblog | (Comments Off)
Friday, June 12, 2009 10:48 AM

Understanding DEP as a mitigation technology part 2

In our previous blog post , we explained how DEP works and how to determine if / how a process opted-in to DEP. Now we will demonstrate how DEP can be used to mitigate the risk of a real-world attack. We published a security advisory in February describing
Posted by swiblog | (Comments Off)
Friday, June 12, 2009 10:30 AM

Understanding DEP as a mitigation technology part 1

We have mentioned DEP in several recent blog posts ( 1 , 2 , 3 , and 4 ). This blog post will answer: What is DEP? How can you enable DEP? What are the risks in enabling different modes of DEP? This is the first of a two-part blog series on DEP as a mitigation
Posted by swiblog | (Comments Off)
Attachment(s): AddProcessParametersFlags - XPSP2.txt
Tuesday, June 09, 2009 10:01 AM

MS09-019 (CVE-2009-1140): Benefits of IE Protected Mode, additional Network Protocol Lockdown workaround

Benefits of IE Protected Mode One of the vulnerabilities addressed in MS09-019 , CVE-2009-1140, involves navigating to a local file via a UNC path, ex: \\127.0.0.1\c$. This roundabout way of navigating to a file is necessary to execute local content such
Posted by swiblog | (Comments Off)
Tuesday, May 26, 2009 10:57 AM

Safe Unlinking in the Kernel Pool

The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the
Posted by swiblog | (Comments Off)
Tuesday, April 14, 2009 9:58 AM

MS09-014: Addressing the Safari Carpet Bomb vulnerability

Following up on Security Advisory 953818 , today we released MS09-014 , rated as Moderate, which addresses aspects of the Safari Carpet Bomb vulnerability. On a Windows operating system this vulnerability allows an attacker, through Safari, to drop arbitrary
Posted by swiblog | (Comments Off)
 
Page view tracker