5 matches found

ThreatPost
added 2020/07/27 8:17 p.m., 40 views

Microsoft Revamps Windows Insider Preview Bug Bounty Program

Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft...

AI score: 1
Exploits: 0, References: 7
MSRC
added 2018/04/04 7:0 a.m., 9 views

Triaging a DLL planting vulnerability

DLL planting aka binary planting/hijacking/preloading resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues. It is well known that when an application loads ...

AI score: 2.2
Exploits: 0
Hacker One
added 2016/12/20 4:42 a.m., 25 views

LocalTapiola: Creating arbitrary cookies values /cs/CookieServer (www.lahitapiola.fi)

Issue: The reporter was able to inject HTTP headers to set custom cookies in the response. The cookie scope was .lahitapiola.fi. /cs/CookieServer. The report contained a thorough PoC and appropriate screenshots which assisted the triaging process. Fix: The issue was investigated and found to be vali...

AI score: 1.9
Exploits: 0
MSRC
added 2016/01/12 8:0 a.m., 7 views

Triaging the exploitability of IE/EDGE crashes

Introduction: Both Internet Explorer (IE) and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the...

AI score: 7.4
Exploits: 0
GoogleProjectZero
added 2015/02/09 12:0 a.m., 36 views

A Token’s Tale

Posted by James Forshaw, currently impersonating NT AUTHORITY\SYSTEM. Much as I enjoy the process of vulnerability research, sometimes there’s a significant disparity between the difficulty of finding a vulnerability and exploiting it. The Project Zero blog contains numerous examples of complex...

CVSS: 10, AI score: 9.1, EPSS: 0.89185
Exploits: 8