Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » exploitation   (RSS)
Friday, November 20, 2009 4:09 PM

SEHOP per-process opt-in support in Windows 7

In a previous blog post we discussed the technical details of Structured Exception Handler Overwrite Protection (SEHOP) which is an exploit mitigation feature that was first introduced in Windows Vista SP1 and Windows Server 2008 RTM. SEHOP prevents attackers
Posted by swiblog | (Comments Off)
Friday, September 18, 2009 10:00 AM

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008. Easy way to disable SMBv2 First exploit for code execution released
Posted by swiblog | (Comments Off)
Tuesday, August 04, 2009 12:33 PM

Preventing the exploitation of user mode heap corruption vulnerabilities

Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities
Posted by swiblog | (Comments Off)
Friday, June 05, 2009 6:14 PM

Shellcode Analysis via MSEC Debugger Extensions

In a previous post we provided some background on the !exploitable Crash Analyzer which was released earlier this year. One of the things that we didn’t mention is that !exploitable is just one of the debugger commands exported by the MSEC debugger extension
Posted by swiblog | (Comments Off)
Tuesday, May 26, 2009 10:57 AM

Safe Unlinking in the Kernel Pool

The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the
Posted by swiblog | (Comments Off)
Tuesday, May 12, 2009 10:11 AM

MS09-017: An out-of-the-ordinary PowerPoint security update

Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in-the-wild abusing this vulnerability.
Posted by swiblog | (Comments Off)
Monday, March 23, 2009 11:35 AM

Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

Last summer at BlackHat Vegas, Alexander Sotirov and Mark Dowd outlined several clever ways to bypass the Windows Vista defense-in-depth protection combination of DEP and ASLR in attacks targeting Internet Explorer. One approach they presented allowed
Posted by swiblog | (Comments Off)
Monday, February 02, 2009 2:53 PM

Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP

One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. These techniques are commonly referred
Posted by swiblog | (Comments Off)
Tuesday, January 08, 2008 1:15 PM

MS08-001 (part 3) – The case of the IGMP network critical

This is the final post in the three-part series covering MS08-001. In this post we’ll look at the IGMP vulnerability (CVE-2007-0069) and why we think successful exploitation for remote code execution is not likely. This vulnerability is around Windows’
Posted by migrady | (Comments Off)
 
Page view tracker