Skip to main content


MS14-025: An Update for Group Policy Preferences

Tuesday, May 13, 2014

Today, we released an update to address a vulnerability in Group Policy Preferences (MS14-025). Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts (name of the account, account password, etc) Configure a service or scheduled task (allowed to specify alternate credentials to run as) Mount network drives when a user logs in (allowed to specify alternate credentials to connect with) Group Policy Preferences are distributed just like normal group policy: An XML file containing the settings is written to the SYSVOL share of the domain controllers, and computers periodically query the SYSVOL share (authenticating to it using their computer account) for updates to the group policy.

The Enhanced Mitigation Experience Toolkit 2.0 is Now Available

Thursday, September 02, 2010

Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications.

Announcing OffVis 1.0 Beta

Friday, July 31, 2009

We’ve gotten questions from security researchers and malware protection vendors about the binary file format used by Microsoft Word, PowerPoint, and Excel. The format specification is open and we have spoken at several conferences (1, 2, 3) about detecting malicious docs but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called “OffVis”.

MS08-042 : Understanding and detecting a specific Word vulnerability

Tuesday, August 12, 2008

A few weeks ago we posted a blog entry titled “How to parse the .doc file format”. Today’s blog post will show you how to use that information to check whether a .doc file is specially crafted to exploit MS08-042, one of the vulnerabilities addressed by today’s security updates. This particular vulnerability is being exploited out in the real world so we believe the benefits of releasing more information about it to help the defenders outweighs the risk of attackers learning more about the already-public vulnerability.

New tools to block and eradicate SQL injection

Tuesday, June 24, 2008

The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is to help you identify the best tool to use depending on your role (i.