MSRC Engineering works on every vulnerability case to help improve the guidance and protection provided to customers. Through its investigations, the engineering team uncovers a great deal of useful information. For example:

• Workarounds that are not 100% effective in every situation, do not apply to every attack vector, or are specific to a particular attack.
• Complicated workarounds that work but cannot be recommended to all customers for various technical reasons.
• Group policy deployment guidance.
• Best practices guidance.
• Interesting facts about a vulnerability that Microsoft is addressing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations.
• Debugging techniques and information on how to triage security vulnerabilities

Knowledge that’s amassed as the result of technical investigations helps us keep pace with the ever evolving security ecosystem. Each vulnerability is analyzed and a course of action is determined. These actions are passed on to our customers through security bulletins. The results of MSRC’s technical investigations are also shared with Microsoft product teams, influencing products and services before and after release.