Virtualization-based security (VBS) memory enclaves: Data protection through isolation

Credit to Author: Windows Defender ATP| Date: Tue, 05 Jun 2018 16:00:15 +0000

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution capability, resulting in widescale global outbreaks. Windows 10 remained resilient to these attacks,

Read more

Read more

Introducing Windows Defender System Guard runtime attestation

Credit to Author: Windows Defender ATP| Date: Thu, 19 Apr 2018 16:00:57 +0000

At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform security technology, fills this need. In Windows 10 Fall Creators Update, we reorganized all system

Read more

Read more

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

Credit to Author: msft-mmpc| Date: Mon, 27 Mar 2017 15:00:01 +0000

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms. In this article, we…

Read more