Microsoft offers several mechanisms to protect against ransomware

The start of a new year is the perfect time to reassess your security strategy and tactics especially when looking back at the new levels of ransomwares reach and damage in 2017. Its no secret that ransomware attacks are increasing. In fact, a business is hit with ransomware every 40 seconds. If...

Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出

本記事は、Windows Security のブログ “Detecting reflective DLL loading with Windows Defender ATP” 2017 年 11 月 13 日 米国時間公開...

Windows Defender Advanced Threat Protection の機械学習: 未知の侵入アクティビティの検出

本記事は、Windows Security のブログ “Windows Defender ATP machine learning: Detecting new and unusual breach activity” 2017 年 8 月 3 日 米...

Crooks Switch from Ransomware to Cryptocurrency Mining

Criminals behind the VenusLocker ransomware have switched to cryptocurrency mining in their latest campaign targeting computer users in South Korea. Instead of attempting to infect targeted computers with ransomware, the group is now trying to install malware on PCs that mines for Monero, an...

We’re moving to Microsoft Secure

We’re packing up and moving! Starting January 2018, we’ll move our blogs to Microsoft Secure. At Microsoft Secure, you will find technical information for Office 365, Microsoft Azure, and Windows, alongside product updates, cybersecurity guidance, industry trends, and more. You can expect the sam...

Women in Tech and Career Spotlight: Inna Shalom

The latest in our series featuring women in tech at Imperva is my interview with Inna Shalom, the data insight team lead at Imperva. She spoke about her professional journey and experience working in the cybersecurity industry. Tell us how you got into cybersecurity. IS: I spent the first six yea...

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Now this is good news. The UK's National Cyber Security Centre NCSC -- part of GCHQ -- found a serious vulnerability in Windows Defender their anti-virus component. Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too...

Windows Defender Application Guard で Microsoft Edge を最もセキュアなブラウザーに

本記事は、Windows Security のブログ “Making Microsoft Edge the most secure browser with Windows Defender Application Guard” 2017 年 10 月 23 日 米国時間...

Patch Tuesday, December 2017 Edition

The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe's got another...

December 12, 2017—KB4054517 (OS Build 16299.125)

December 12, 2017—KB4054517 OS Build 16299.125 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge...

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

Multiple Microsoft Products Malware Protection Engine Remote Code Execution Vulnerability

Microsoft Endpoint Protection and others are products of Microsoft Corporation, U.S.A. Microsoft Endpoint Protection is a free antivirus program; Windows Defender is a suite of antivirus programs used to remove, quarantine and prevent spyware. Malware Protection Engine is one of the malware...

Remote code execution

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

CVE-2017-11940

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

CVE-2017-11940

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

CVE-2017-11940

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

CVE-2017-11940

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

Microsoft Malware Protection Engine < 1.1.14405.2 RCE

The version of Microsoft Malware Protection Engine MMPE installed on the remote Windows host is prior to 1.1.14405.2. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has checked if a vulnerable version of MMPE is being used by any of the following application...