Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
Microsoft’s Threat & Vulnerability Management solution is generally available!
Vulnerabilities and exploits
Microsoft security researchers monitor the threat landscape and collaborate with customers, partners, and industry experts to discover new vulnerabilities and exploits. Explore our latest findings and how they inform faster, more effective defenses.
Refine results
Topic
Products and services
Publish date
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
-
-
The evolution of Microsoft Threat Protection, April update
Learn about the latest updates to Microsoft Threat Protection and the details of its foundation built on supporting Zero Trust. -
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines. -
Taking apart a double zero-day sample discovered in joint hunt with ESET
In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherepanov. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
Sharing research and discoveries at PWN2OWN
The annual PWN2OWN exploit contest at the CanSecWest conference in Vancouver, British Columbia, Canada, brings together some of the top security talent from across the globe in a friendly competition. -
Now you see me: Exposing fileless malware
Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. -
#AVGater vulnerability does not affect Windows Defender Antivirus, MSE, or SCEP
On November 10, 2017, a vulnerability called #AVGater was discovered affecting some antivirus products. -
Microsoft to remove WoSign and StartCom certificates in Windows 10
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
TLS 1.2 Support added to Windows Server 2008
We are announcing that support for TLS1. -
Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. -
Understanding type confusion vulnerabilities: CVE-2015-0336
In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. -
Industry Vulnerability Disclosures Trending Up
A vulnerability disclosure, as the term is used in the <a href=”http://www.
