
Microsoft Secure

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and...


Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet. The disruption is the culmination of a journey that started in...


Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for “living off the land”—staying away from the...


#AVGater vulnerability does not affect Windows Defender Antivirus, MSE, or SCEP

On November 10, 2017, a vulnerability called #AVGater was discovered affecting some antivirus products. The vulnerability requires a non-administrator-level account to perform a restore of a quarantined file. Windows Defender Antivirus and other Microsoft antimalware products, including System Center Endpoint Protection (SCEP) and Microsoft Security Essentials (MSE), are not affected by this vulnerability. This vulnerability...


Guidance for Internet Explorer vulnerability

On April 26, 2014, Microsoft notified customers of a vulnerability in Internet Explorer. To date, we are aware of limited, targeted attacks and are working on a fix. UPDATE: Microsoft released a security update for this vulnerability on May 1. For more information, see Available now: Security update for Internet Explorer. We encourage you to take steps that protect...


Anti-virus Software is Dead…Really?

Yesterday we released the latest volume of the Microsoft Security Intelligence Report. Among the ~800 pages of new threat intelligence is a new study that attempts to quantify the benefit of running up-to-date anti-virus (AV) software. The study leveraged data from over a billion systems worldwide and it turns out that systems that do not have...

Hundreds of Pages of New Security Intelligence Now Available: Microsoft Security Intelligence Report Volume 12 Released

Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes: latest industry vulnerability disclosure trends and analysis; latest data and analysis of global vulnerability exploit activity; latest trends and analysis on global malware...

Weekly Roundup : Dec 30, 2011 : Taking a Look Back at Some of the Year’s Top Security Stories

Trending Security News

In August we started posting the Weekly Roundup to share trending security news from many viewpoints. Week by week the flow of news provides insights into the ever-growing challenges faced in the global efforts to secure cyberspace, as well as the progress made and security guidance as well as new and...