Microsoft security intelligence

Security research, threat intelligence, and Microsoft Threat Protection news.

Featured image for From unstructured data to actionable intelligence: Using machine learning for threat intelligence

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

Machine learning and natural language processing can automate the processing of unstructured text for insightful, actionable threat intelligence.
Read more From unstructured data to actionable intelligence: Using machine learning for threat intelligence
Featured image for A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.
Read more A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
Featured image for How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.
Read more How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
Featured image for New machine learning model sifts through the good to unearth the bad in evasive malware

New machine learning model sifts through the good to unearth the bad in evasive malware

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.
Read more New machine learning model sifts through the good to unearth the bad in evasive malware
Featured image for Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Advanced technologies in Microsoft Defender ATP's Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory
Read more Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Featured image for Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

Microsoft’s Threat & Vulnerability Management solution is generally available!
Read more Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
Featured image for Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

With the Windows 10 May 2019 Update we delivered several important features for Windows Defender Application Control. Our focus for this release was responding to some longstanding feedback on manageability improvements. We’re excited to introduce new capabilities in Windows Defender Application Control.
Read more Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update
Featured image for Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines to detect and stop a wide range of threats and attacker techniques at multiple points, providing industry-best detection and blocking capabilities.
Read more Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
Featured image for New browser extensions for integrating Microsoft’s hardware-based isolation

New browser extensions for integrating Microsoft’s hardware-based isolation

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox.
Read more New browser extensions for integrating Microsoft’s hardware-based isolation
Featured image for Detecting credential theft through memory access modelling with Microsoft Defender ATP

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.
Read more Detecting credential theft through memory access modelling with Microsoft Defender ATP
Security configuration framework levels 5 through 1 Featured image for Introducing the security configuration framework: A prioritized guide to hardening Windows 10

Introducing the security configuration framework: A prioritized guide to hardening Windows 10

The security configuration framework is designed to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. We are defining discrete prescriptive Windows 10 security configurations (levels 5 through 1) to meet many of the common device scenarios we see today in the enterprise.
Read more Introducing the security configuration framework: A prioritized guide to hardening Windows 10
Featured image for Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability

Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability

A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
Read more Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability