Select Page
What’s new in Windows Defender ATP Fall Creators Update

What’s new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in ... continue reading
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know ... continue reading
Windows Server 2016 labs

Credential Guard lab companion

If you have heard about Credential Guard in Windows Server 2016 (and in Windows 10), but do not have an environment to try it out, here is a lab environment we built for you to play. Lab access The link ... continue reading
wannacrypt1

WannaCrypt ransomware worm targets out-of-date systems

On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches ... continue reading
Windows 10 Memory Protection Features

Windows 10 Memory Protection Features

Hello, Paul Bergson back again with a discussion on the newly built-in memory protection features provided in Windows 10 and Windows Server 2016. I refer to Win10 throughout the document, but this is just for brevity sake. For a complete ... continue reading
java-malware-sample-email

Combating a spate of Java malware with machine learning in real-time

In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get ... continue reading
Execution stages of the exploit package and corresponding functionality

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The ... continue reading
figure-1

Five reasons to run SQL Server 2016 on Windows Server 2016 — No. 1: Security

This is the first blog in a five-part series. Keep an eye out for upcoming posts, which will cover cutting costs and improving performance of storage, BI, and analytics; improving uptime and reliability; reaching data insights faster by running analytics ... continue reading
tax-social-engineering-email-malware-4

Tax-themed phishing and malware attacks proliferate during the tax filing season

Tax-themed scams and social engineering attacks are as certain as (death or) tax itself. Every year we see these attacks, and 2017 is no different. These attacks circulate year-round as cybercriminals take advantage of the different country and region tax ... continue reading
nsis-old-vs-new

Ransomware operators are hiding malware deeper in installer packages

We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These ... continue reading