Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

Last week the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers. We and others in the industry had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing...

Application fuzzing in the era of Machine Learning and AI

Proactively testing software for bugs is not new. The earliest examples date back to the 1950s with the term fuzzing. Fuzzing as we now refer to it is the injection of random inputs and commands into applications. It made its debut quite literally on a dark and stormy night in 1988. Since then,...

How Microsoft tools and partners support GDPR compliance

This post is authored by Daniel Grabski,Executive Security Advisor, Microsoft Enterprise Cybersecurity Group. As an Executive Security Advisor for enterprises in Europe and the Middle East, I regularly engage with Chief Information Security Officers CISOs, Chief Information Officers CIOs and Data...

How public-private partnerships can combat cyber adversaries

For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote...

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit DCU, announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

Office 365 Advanced Threat Protection defense for corporate networks against recent Office exploit attacks

The Office 365 Threat Research team has seen an uptick in the use of Office exploits in attacks across various industry sectors in recent months. In this blog, we will review several of these exploits, including a group of Office moniker exploits that attackers have used in targeted as well as...

Minimize cybersecurity risk with Software Asset Management

This post is authored by Patama Chantaruck, General Manager of Worldwide Software Asset Management & Compliance. By 2021, worldwide cybercrime damage is expected to reach $6 trilliondouble what it cost businesses in 2015. Unapproved apps, unmanaged devices, poor password protection, and other...

#AVGater vulnerability does not affect Windows Defender Antivirus, MSE, or SCEP

On November 10, 2017, a vulnerability called AVGater was discovered affecting some antivirus products. The vulnerability requires a non-administrator-level account to perform a restore of a quarantined file. Windows Defender Antivirus and other Microsoft antimalware products, including System...

Detecting reflective DLL loading with Windows Defender ATP

Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In...

A decade inside Microsoft Security

Ten years ago, I walked onto Microsofts Redmond campus to take a role on a team that partnered with governments and CERTs on cybersecurity. Id just left a meaningful career in US federal government service because I thought it would be fascinating to experience first-hand the security challenges...