Microsoft Defender Vulnerability Management News and Insights

Research

Threat intelligence

Microsoft 365 Defender

Vulnerabilities and exploits
Published Oct 18

10 minutes
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. Given supply chain attacks carried out by these threat actors in the past, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected.
Research

Threat intelligence

Microsoft Defender Vulnerability Management

Vulnerabilities and exploits
Published Sep 14

13 minutes
Uncursing the ncurses: Memory corruption vulnerabilities found in library
A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions.
Research

Incident response

Microsoft Incident Response

Ransomware
Published Jul 6

18 minutes
The five-day job: A BlackByte ransomware intrusion case study
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Research

Threat intelligence

Microsoft Defender

Attacker techniques, tools, and infrastructure
Published Jun 14

13 minutes
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
Research

Threat intelligence

Microsoft Defender for Endpoint

Vulnerabilities and exploits
Published May 30

10 minutes
New macOS vulnerability, Migraine, could bypass System Integrity Protection
A new vulnerability, which we refer to as “Migraine”, could allow an attacker with root access to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.

Go beyond data protection with Microsoft Purview

Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.

Learn more

Research

Threat intelligence

Microsoft Defender

Vulnerabilities and exploits
Published Dec 19

9 minutes
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
Research

Threat intelligence

Microsoft Defender

Supply chain attacks
Published Nov 22

6 minutes
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.

Microsoft Defender Vulnerability Management

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Uncursing the ncurses: Memory corruption vulnerabilities found in library

The five-day job: A BlackByte ransomware intrusion case study

Cadet Blizzard emerges as a novel and distinct Russian threat actor

New macOS vulnerability, Migraine, could bypass System Integrity Protection

Go beyond data protection with Microsoft Purview

Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

Vulnerable SDK components lead to supply chain risks in IoT and OT environments