Microsoft Defender Security Research Team, Author at Microsoft Security Blog

Research
March 27, 2017
6 min read

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges.

Research
March 8, 2017
7 min read

Uncovering cross-process injection with Windows Defender ATP

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity.

You can detect that the fake browser is different from the real one

Research
March 2, 2017
4 min read

Breaking down a notably sophisticated tech support scam M.O.

The cornerstone of tech support scams is the deception that there is something wrong with your PC.

Research
January 26, 2017
5 min read

Phishers unleash simple but effective social engineering techniques using PDF attachments

The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg.

Research
December 14, 2016
3 min read

Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations.

Research
October 26, 2016
1 min read

Office 2013 can now block macros to help prevent infection

In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet.

Research
October 21, 2016
4 min read

Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam

(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines.

Research
July 22, 2016
4 min read

Kovter becomes almost fileless, creates a new file type, and gets some new certificates

Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs.

Research
May 26, 2016
2 min read

Limited Periodic Scanning in Windows 10 to Provide Additional Malware Protection

Every month, Microsoft’s Malicious Software Removal Tool (MSRT) scans more than 500 million Windows devices for malware and malicious software.

Research
April 21, 2016
1 min read

A brief discourse on ‘Changing browsing experience’

In response to questions we’ve received from the software distribution and monetization industry, and following our blog announcing our browser modifier policy update, we’d like to provide some details on what we refer to in our policy as “changing browsing experience”.

Research
April 12, 2016
3 min read

MSRT April release features Bedep detection

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: In this blog, we’ll focus on the Bedep family of trojans.

Research
March 22, 2016
4 min read

New feature in Office 2016 can block macros and help prevent infection

To help counter malware, we are releasing a new feature in Office 2016 that blocks macros from loading in certain high-risk scenarios.

Microsoft Defender Security Research Team posts