Device Guard – Computer Security Articles

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

March 27, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Coreinfo, Creators Update, CVE-2017-005, Device Guard, EoP, PALETTE, Product features and announcements, SMEP, virtualization-based security, Windows 10, Windows 10 Creators Update, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits, ZIRCONIUM

Credit to Author: msft-mmpc| Date: Mon, 27 Mar 2017 15:00:01 +0000

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms. In this article, we…

Microsoft Security

Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, AppLocker Group Policy, Cerber, Device Guard, macro malware, Macro-based malware, malware, malware research, MMPC, ransomware, Social engineering, spam, Windows Defender

As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us rely on email notifications from our banks to track the damage to our finances. So what happens when we suddenly get notified about charges for things we never bought?…

Microsoft Security

Windows 10: protection, detection, and response against recent Depriz malware attacks

January 23, 2017 admin 0-day exploit, Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Depriz malware, Device Guard, TERBIUM APT, Trojan, Trojan:Win32/Cadlotcorg.A!dha, Win32/Depriz, Windows 10, Windows 10 protection, Windows Defender, Windows Defender ATP, Zero day exploit

A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams…