Select Page
Windows Defender System Guard runtime attestation architecture

Introducing Windows Defender System Guard runtime attestation

At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform ... continue reading
Hardening the system and maintaining integrity with Windows Defender System Guard

Hardening the system and maintaining integrity with Windows Defender System Guard

Security
One of the things we spend a great deal of time thinking about here at Microsoft is how attackers will attempt to persist and evade detection once they’ve successfully compromised a device. With Windows 10 we’ve made it more difficult ... continue reading
Figure 1. Infection cycle overview

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

Security
On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as ... continue reading
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

Security
On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know ... continue reading
Execution stages of the exploit package and corresponding functionality

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

Security
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The ... continue reading