swiat

Continuing with Our Community Driven, Customer Focused Approach for EMET

Wednesday, April 30, 2014

The Enhanced Mitigation Experience Toolkit, best known as EMET, helps raise the bar against attackers gaining access to computer systems. Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Feedback both in forums and through Microsoft Premier Support Services, which provides enterprise support for EMET, has helped shape the new EMET capabilities to further expand the range of scenarios it addresses.

Read More

• EMET

Protection strategies for the Security Advisory 2963983 IE 0day

Wednesday, April 30, 2014

We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to stay safe. Those options are (in summary):

Read More

• 0-day
• EMET
• Internet Explorer (IE)
• Mitigations
• Workarounds

More Details about Security Advisory 2963983 IE 0day

Saturday, April 26, 2014

Today we released Security Advisory 2963983 regarding a potential vulnerability in Internet Explorer reported by FireEye and currently under investigation. We are working closely with FireEye to investigate this report of a vulnerability which was found used in very limited targeted attack: - the vulnerability is a “use-after-free” memory corruption and the exploit observed seems to target IE9, IE10 and IE11;

Read More

• EMET IE 0day

Assessing risk for the April 2014 security updates

Tuesday, April 08, 2014

Today we released four security bulletins addressing 11 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploitability Likely first 30 days impact Platform mitigations and key notes MS14-017(Word) Victim opens a malicious RTF or DOC/DOCX file.

Read More

• Attack Vector
• Risk Asessment

MS14-019 – Fixing a binary hijacking via .cmd or .bat file

Tuesday, April 08, 2014

Command (.cmd) and batch (.bat) files can be directly provided as input to the CreateProcess as if it is an executable. CreateProcess uses the cmd.exe automatically to run the input .cmd or .bat. Today, with the bulletin MS14-019 we are fixing a vulnerability, where in particular scenario it is possible to hijack the cmd.

Read More

• MS14-019 CMD BAT CreateProcess

Security Advisory 2953095: recommendation to stay protected and for detections

Monday, March 24, 2014

Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect themselves while we are working on a security update.

Read More

• 0day
• 2953095
• CVE-2014-1761
• EMET
• MSRC
• RTF

When ASLR makes the difference

Wednesday, March 12, 2014

We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. In today’s blog, we’ll go through ASLR one more time to show in practice how it can be valuable to mitigate two real exploits seen in the wild and to suggest solutions for programs not equipped with ASLR yet.

Read More

• ASLR
• CVE-2014-0324
• EMET
• ForceASLR
• HXDS
• LdrHotPatchRoutine
• MS13-006
• MS14-009
• VSAVB7RT

Assessing risk for the March 2014 security updates

Tuesday, March 11, 2014

Today we released five security bulletins addressing 23 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS14-012(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Risk Asessment

Announcing EMET 5.0 Technical Preview

Tuesday, February 25, 2014

Today, we are thrilled to announce a preview release of the next version of the Enhanced Mitigation Experience Toolkit, better known as EMET. You can download EMET 5.0 Technical Preview here. This Technical Preview introduces new features and enhancements that we expect to be key components of the final EMET 5.

Read More

• EMET

Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

Wednesday, February 19, 2014

Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso.fr. We will cover the following topics in this blog post:

Read More

• 0day
• Attack
• EMET
• FixIt
• Risk Asessment