Microsoft Secure

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making real-world impact, affecting corporate networks and bringing down critical services like hospitals,...


WannaCrypt ransomware worm targets out-of-date systems

On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as WannaCrypt, appears to have affected computers that have not applied...


Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these...


Reverse engineering DUBNIUM – Stage 2 payload analysis

Recently, we blogged about the basic functionality and features of the DUBNIUM advanced persistent threat (APT) activity group Stage 1 binary and Adobe Flash exploit used during the December 2015 incident (Part 1, Part 2). In this blog, we will go through the overall infection chain structure and the Stage 2 executable details. Stage 2...


Reverse-engineering DUBNIUM’s Flash-targeting exploit

The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For more details on this vulnerability, see Adobe Security Bulletin APSB16-01. Note that Microsoft Edge on Windows 10 was protected from this attack due...


Reverse-engineering DUBNIUM

DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a...


Understanding type confusion vulnerabilities: CVE-2015-0336

In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: Keep your Microsoft security software, such as Windows Defender for Windows 8.1 up-to-date. Keep your...


Creating an intelligent “sandbox” for coordinated malware eradication

Antimalware companies have for some time used machine learning and big data analysis to detect and disrupt malware. But to move from disruption to eradication, the antimalware ecosystem must work with new types of partners in different ways...


RSA Conference 2014: Microsoft’s Trust Principles

The keynote sessions at the RSA Conference are always compelling. This year’s presentations at the Moscone Center in San Francisco have been some of the best I’ve seen, with a strong focus on government surveillance programs and what they mean for the IT industry. In his keynote speech, Trustworthy Computing Corporate Vice President, Scott Charney,...


A coordinated approach to eradicating malware

Microsoft and others in the technology industry have worked together for many years to disrupt malicious software, or malware, and to reduce its impact on customers. But despite those efforts, many malware families live on, continuing to infect computers and cause damage well after they are discovered. Can industry leaders come together and begin eliminating...
