Uncovering cross-process injection with Windows Defender ATP

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolves, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues to raise…

Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Despite the disruption of Axpergle (Angler), which dominated the landscape in early 2016, exploit kits as a whole continued to be a threat to PCs running unpatched software. Some of the most prominent threats, from malvertising to ransomware, used exploit kits to infect millions of computers worldwide in 2016. The prevalence of exploit kits as an…

Hardening Windows 10 with zero-day exploit mitigations

Cyberattacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely hard to address these attacks. While delivering innovative solutions like Windows Defender Application Guard, which provides a safe virtualized layer for the Microsoft Edge browser, and Windows Defender Advanced Threat Protection,…

No slowdown in Cerber ransomware activity as 2016 draws to a close

As everybody else winds down for the holidays, the cybercriminals behind Cerber are busy ramping up their operations. Following our discovery of a spam campaign that takes advantage of holiday shopping, we found two new campaigns that continue distributing the latest variants of Cerber ransomware. These campaigns are the latest in a series of persistent cybercriminal…

Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for…

Our commitment to our customers’ security

This guest blog post is by Terry Myerson, Executive Vice President, Windows and Devices Group. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously. Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM…

Understanding type confusion vulnerabilities: CVE-2015-0336

In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: Keep your Microsoft security software, such as Windows Defender for Windows 8.1 up-to-date. Keep your third-party…

An interesting case of the CVE-2014-8439 exploit

We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits, including the Nuclear exploit kit (Exploit:JS/Neclu) and the Angler exploit kit (Exploit:JS/Axpergle). Adobe released a patch in November to address this vulnerability (APSB14-26). Coincidentally, our investigation shows that Adobe…

A journey to CVE-2013-5330 exploit

Recently, we’ve seen a few attacks in the wild targeting a patched Adobe Flash Player vulnerability (CVE-2013-5330). This vulnerability was addressed with a patch released by Adobe on November 12, 2013. On the Windows platform, Flash Player version 11.9.900.117 and earlier are vulnerable. We had a chance to analyze how the attacks work and noted…