Defense-in-depth – Page 4 – Microsoft Security Response Center

Internet Explorer Mitigations for ATL Data Stream Vulnerabilities

Security Research & Defense / By swiat / July 28, 2009 June 20, 2019

IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034. We would like to explain these mitigations in more detail. ATL persisted data checks The first mitigation is a change to modify …

Internet Explorer Mitigations for ATL Data Stream Vulnerabilities Read More »

Understanding DEP as a mitigation technology part 1

Security Research & Defense / By swiat / June 12, 2009 June 20, 2019

We have mentioned DEP in several recent blog posts (1, 2, 3, and 4). This blog post will answer: What is DEP? How can you enable DEP? What are the risks in enabling different modes of DEP? This is the first of a two-part blog series on DEP as a mitigation technology. What is DEP? …

Understanding DEP as a mitigation technology part 1 Read More »

Understanding DEP as a mitigation technology part 2

Security Research & Defense / By swiat / June 12, 2009 June 20, 2019

In our previous blog post, we explained how DEP works and how to determine if / how a process opted-in to DEP. Now we will demonstrate how DEP can be used to mitigate the risk of a real-world attack. We published a security advisory in February describing an Excel vulnerability in fully-patched Excel being used …

Understanding DEP as a mitigation technology part 2 Read More »

A Brussels retrospective from Oahu

BlueHat / By bluehat / June 12, 2009 June 20, 2019

Handle:Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change – the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos Aloha from the Shakacon III, a security conference held each year in lovely Honolulu, Hawaii! Although I’m currently in …

A Brussels retrospective from Oahu Read More »

MS09-019 (CVE-2009-1140): Benefits of IE Protected Mode, additional Network Protocol Lockdown workaround

Security Research & Defense / By swiat / June 9, 2009 June 20, 2019

Benefits of IE Protected Mode One of the vulnerabilities addressed in MS09-019, CVE-2009-1140, involves navigating to a local file via a UNC path, ex: \\127.0.0.1\c$. This roundabout way of navigating to a file is necessary to execute local content such that it runs in the Internet Explorer Internet zone, where scripting is enabled. As it …

MS09-019 (CVE-2009-1140): Benefits of IE Protected Mode, additional Network Protocol Lockdown workaround Read More »

Safe Unlinking in the Kernel Pool

Security Research & Defense / By swiat / May 26, 2009 June 20, 2019

The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the first version of Windows with some of these integrity checks turned …

Safe Unlinking in the Kernel Pool Read More »

Capt I.M. Hardened OS-Microsoft

BlueHat / By bluehat / May 8, 2009 June 20, 2019

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hey, Steve here. Just finally settling back in after traveling a bit, meeting up with different parts of the …

Capt I.M. Hardened OS-Microsoft Read More »

MS09-014: Addressing the Safari Carpet Bomb vulnerability

Security Research & Defense / By swiat / April 14, 2009 June 20, 2019

Following up on Security Advisory 953818, today we released MS09-014, rated as Moderate, which addresses aspects of the Safari Carpet Bomb vulnerability. On a Windows operating system this vulnerability allows an attacker, through Safari, to drop arbitrary files on a user’s desktop. As of Safari 3.1.2 Apple has removed this behavior from Safari. Why is …

MS09-014: Addressing the Safari Carpet Bomb vulnerability Read More »