Attack

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Tuesday, October 10, 2023

Summary Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.

Read More

• Network protocol
• Attack
• CVD
• CVE-2023-44487
• DDoS
• HTTP/2 Rapid Reset

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

Wednesday, November 16, 2022

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art ML algorithms – indeed this is one of Microsoft’s Responsible AI Principles.

Read More

• AI/ML
• Attack
• Security Research

New Research Paper: Pre-hijacking Attacks on Web User Accounts

Monday, May 23, 2022

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researcher Avinash Sudhodanan, investigated account pre-hijacking – a new class of attacks affecting websites and other online services.

Read More

• Attack
• Defense-in-depth
• Mitigations
• Security Research

Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

Wednesday, February 19, 2014

Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso.fr. We will cover the following topics in this blog post:

Read More

• 0day
• Attack
• EMET
• FixIt
• Risk Asessment

Microsoft Releases Security Advisory 2914486

Wednesday, November 27, 2013

Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) found this issue being used on systems compromised by a third-party remote code execution vulnerability.

Read More

• Advisory
• Attack
• Microsoft Windows
• Security
• Security Advisory

Running in the wild, not for so long

Wednesday, July 10, 2013

Over the weekend we received a report from our partners about a possible unpatched Internet Explorer vulnerability being exploited in the wild. The exploit code uses a memory corruption bug triggered from a webpage but it deeply leverages a Flash SWF file in order to achieve reliable exploitation and code execution.

Read More

• Attack
• Detection
• EMET
• Exploitation
• Internet Explorer (IE)
• Workarounds
• Zero-Day Exploit

MS13-051: Get Out of My Office!

Tuesday, June 11, 2013

MS13-051 addresses a security vulnerability in Microsoft Office 2003 and Office for Mac. Newer versions of Microsoft Office for Windows are not affected by this vulnerability, but the newest version of Office for Mac (2011) is affected. We have seen this vulnerability exploited in targeted 0day attacks in the wild. In this blog we’ll cover the following aspects:

Read More

• Attack
• Detection
• EMET

New vulnerability affecting Internet Explorer 8 users

Saturday, December 29, 2012

Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe. More information about the vulnerability and exploit In this particular vulnerability, IE attempts to reference and use an object that had previously been freed.

Read More

• Attack
• Detection
• EMET
• Internet Explorer (IE)
• Zero-Day Exploit

More information on Security Advisory 2757760's Fix It

Wednesday, September 19, 2012

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution addresses the issue.

Read More

• Attack
• EMET
• FixIt
• Internet Explorer (IE)
• Mitigations
• MSHTML
• Risk Asessment

MS12-060: Addressing a vulnerability in MSCOMCTL.OCX's TabStrip control

Tuesday, August 14, 2012

Today we released MS12-060, addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority updates for this month for two reasons: we are aware of very limited, targeted attacks taking advantage of CVE-2012-1856 and we expect to see new attacks taking advantage of this vulnerability in days ahead.

Read More

• Attack
• Classid
• Clsid
• Defense-in-depth
• EMET
• Mitigations