Microsoft Secure

Office 365 Advanced Threat Protection defense for corporate networks against recent Office exploit attacks

The Office 365 Threat Research team has seen an uptick in the use of Office exploits in attacks across various industry sectors in recent months. In this blog, we will review several of these exploits, including a group of Office moniker exploits that attackers have used in targeted as well as crimeware attacks. We will...

Minimize cybersecurity risk with Software Asset Management

This post is authored by Patama Chantaruck, General Manager of Worldwide Software Asset Management & Compliance.  By 2021, worldwide cybercrime damage is expected to reach $6 trillion—double what it cost businesses in 2015. Unapproved apps, unmanaged devices, poor password protection, and other security issues are leaving far too many organizations vulnerable to attack. And as...

#AVGater vulnerability does not affect Windows Defender Antivirus, MSE, or SCEP

On November 10, 2017, a vulnerability called #AVGater was discovered affecting some antivirus products. The vulnerability requires a non-administrator-level account to perform a restore of a quarantined file. Windows Defender Antivirus and other Microsoft antimalware products, including System Center Endpoint Protection (SCEP) and Microsoft Security Essentials (MSE), are not affected by this vulnerability. This vulnerability...

Detecting reflective DLL loading with Windows Defender ATP

Today’s attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In recent blogs we described how attackers use basic...

A decade inside Microsoft Security

Ten years ago, I walked onto Microsoft’s Redmond campus to take a role on a team that partnered with governments and CERTs on cybersecurity. I’d just left a meaningful career in US federal government service because I thought it would be fascinating to experience first-hand the security challenges and innovation from the perspective of the...

Defending against ransomware using system design

This post is authored by Michael Melone, Principal Cybersecurity Consultant, Enterprise Cybersecurity Group.  Earlier this year, the world experienced a new and highly-destructive type of ransomware. The novel aspects of WannaCry and Petya were not skills as ransomware, but the combination of commonplace ransomware tactics paired with worm capability to improve propagation. WannaCry achieved its...

Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

The threat to sensitive financial information is greater than ever. Data breaches, phishing attacks, and other forms of information theft are all too common in today’s threat landscape. Point-of-sale systems and ATMs have been targeted by hackers. Information-stealing trojans pose a risk to data and can lead to significant financial loss. Qakbot and Emotet are...