
Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have ... continue reading

Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

First published on TECHNET on Sep 18, 2009 Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the ... continue reading

Using VBScript to install CA on WS2008R2 server core

First published on TECHNET on Sep 18, 2009 In my previous post I provided a script used for setup and installation of a CA using VBScript. The same script is capable of installing a CA on server core, where there ... continue reading

Hyper-V Powering Windows Features

December 2019 Hyper-V is Microsoft’s hardware virtualization technology that initially released with Windows Server 2008 to support server virtualization and has since become a core component of many Microsoft products and features. These features range from enhancing security to empowering ... continue reading

Microsoft and partners design new device security requirements to protect against targeted firmware attacks

Recent developments in security research and real-world attacks demonstrate that as more protections are proactively built into the OS and in connected services, attackers are looking for other avenues of exploitation with firmware emerging as a top target. In the ... continue reading

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Our experience in detecting and blocking threats on millions of endpoints tells us that attackers will stop at nothing to circumvent protections. Even one gap in security can be disastrous to an organization. At Microsoft, we don’t stop finding new ... continue reading

Virtualization-Based Security: Enabled by Default

Virtualization-based Security (VBS) uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. Windows can use this "virtual secure mode" (VSM) to host a number of security solutions, providing them with greatly ... continue reading

Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability

In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRar vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. A complex attack chain incorporating multiple code execution techniques ... continue reading

Monitoring Hyper-V Replica using System Center Operations Manager

First published on TECHNET on Sep 13, 2013 Customers asked us if they can have a monitoring mechanism for Hyper-V Replica in a rainy day scenario. With System Center Operations Manager 2012 SP1, customers can now monitor Hyper-V Replica using ... continue reading

Use Windows Server 2016 to secure a jump server

First published on TECHNET on Feb 02, 2017 When talking to customers about the security features in Windows Server 2016, a common question keeps coming up: how do I secure my jump server? Recently, I worked with a Microsoft internal ... continue reading