A Windows Defender Flaw Lurked Undetected for 12 Years
Microsoft has finally patched the bug in its antivirus program after researchers spotted it last fall...
Windows Defender AMSI has a binary vulnerability
Microsoft (Microsoft Corporation) is an American multinational technology company that focuses on developing, manufacturing, licensing, and providing a wide range of computer software services. A binary...
Microsoft Defender Elevation of Privilege Vulnerability
...
PT-2021-2082 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft Defender versions prior to the fixed version. Description: The issue is related to errors in privilege management in Microsoft Defender, which is part of the Microsoft Windows operating system. Exploitation of this issue may allow an...
Fixed vulnerabilities in Windows Defender and System Center Operations Manager
Microsoft has fixed vulnerabilities in Windows Defender and Microsoft System Center Operations Manager. A malicious party could potentially exploit them to gain higher privileges. Windows Defender: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Microsoft Defender Security Feature Issue Vulnerability
Microsoft Defender is a threat protection software from Microsoft Corporation USA. A security feature issue vulnerability exists in Microsoft Defender. The following products and versions are affected: Microsoft Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft System Cent...
PT-2021-2067 · Microsoft · Windows Defender +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Codecs Library (affected versions not specified); Microsoft Windows Camera Codec Pack (affected versions not specified). Description: The issue is related to a remote code execution problem. It may allow remote attackers to execut...
Security Update for Windows Defender (February 2021)
The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is equal to or prior to 1.1.17700.4. It is, therefore, affected by an unspecified privilege escalation vulnerability. An authenticated, local attacker can exploit this to gain administrator access...
Why threat protection is critical to your Zero Trust security strategy
The corporate network perimeter has been completely redefined. Many IT leaders are adopting a Zero Trust security model where identities play a critical role in helping act as the foundation of their modern cybersecurity strategy. As a result, cybercriminals have shifted their focus and identitie...
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These...
ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...
Announcing the general availability of Azure Defender for IoT
As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology (OT) endpoints is growing dramatically—industry analysts have estimated that CISOs will soon be responsible for an attack surface multiple times larger than just a few yea...
Protecting multi-cloud environments with Azure Security Center
We’ve heard from many of you that multi-cloud adoption is becoming a standard operating model for your organization and that it’s challenging to have the right security controls and posture across your environment. Historically, security teams have not had effective tools to secure multi-cloud...
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the attackers behind Solorigate are skilled campaign...
The vulnerability of the mpengine.dll library of Windows Defender allows a hacker to execute arbitrary code.
The vulnerability of the mpengine.dll library in Windows Defender exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...
Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender
Even as investigations into the sophisticated attack known as Solorigate are still underway, details and insights about the tools, patterns, and methods used by the attackers point to steps that organizations can take to improve their defenses against similar attacks. Solorigate is a cross-domai...