MSRT October 2016 release: Adding more unwanted software detections

Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful. The bundled or “extra” software can perform actions on your device that run the gambit from unwanted to annoying to malicious. The threat that…

2

Reverse-engineering DUBNIUM’s Flash-targeting exploit

The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For more details on this vulnerability, see Adobe Security Bulletin APSB16-01. Note that Microsoft Edge on Windows 10 was protected from this attack due…

2

Digging deep for PLATINUM

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…

0

MSRT March 2016 – Vonteera

As part of our ongoing effort to provide better malware protection, the March release of the Microsoft Malicious Software Removal Tool (MSRT) will include detections for Vonteera – a family of browser modifiers, and Fynloski – a family of backdoor trojans. In this blog, we’ll focus on the Vonteera family of browser modifiers. BrowserModifier:Win32/Vonteera We…

0

MSRT February 2016

The February release of the Microsoft Malicious Software Removal Tool (MSRT) includes updated detections for the following malware families: Bladabindi Gamarue Sality Kelihos Diplugem​​ The updates include detections for the latest variants from these malware families. There were no new malware families added to the MSRT this month. The MSRT works in tandem with real-time…

3

Microsoft updates Trusted Root Certificate Program to reinforce trust in the Internet

At Microsoft, we are continuously working to deliver on our commitment to the security of our customers and their ecosystems. A core component of our strategy to inform Windows users about the safety of the websites, apps and software they’re accessing online is built into the Microsoft Trusted Root Certificate Program. This program takes root…

5

System Center Endpoint Protection support for Windows Server 2003

From July 14, 2015, Windows Server 2003 will cease to be a supported operating system. From this date Windows Server 2003 customers will no longer receive: Definition updates for System Center Endpoint Protection and Forefront Endpoint Protection Free or paid assisted support options Online technical content updates Security updates We recommend finalizing your Windows Server…

5

An inside look: gathering and analyzing the SIR data

At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what’s going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data…

1

MSRT November 2014 – Tofsee

This month we added the Win32/Tofsee and Win32/Zoxpng malware families to the Malicious Software Removal Tool. Zoxpng is a backdoor component that can execute remote commands from a malicious hacker. It is related to Win32/Hikiti and the other threats added to the MSRT last month. Let’s take a closer look at Tofsee, the email-spamming malware…

1

Cracking the CVE-2014-0569 nutshell

​The Microsoft Malware Protection Center (MMPC) has recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-0569. This exploit is being integrated into the Fiesta exploit kit. The vulnerability related to this malware was addressed with a patch released by Adobe on 14 October 2014. Adobe Flash Player desktop runtime for Windows versions 15.0.0.167 and…

1