site: cloudblogs.microsoft.com
Windows Defender Antivirus can now run in a sandbox
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/ [cloudblogs.microsoft.com]
2018-10-27 01:31
tags: defense, malware, security, update, virtualization, windows
Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we received from the security industry and the research community.
One might say finally, but here it is.
Taking apart a double zero-day sample discovered in joint hunt with ESET
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/ [cloudblogs.microsoft.com]
2018-07-11 02:53
tags: exploit, malware, security, windows
The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same PDF. One exploit affected Adobe Acrobat and Reader, while the other exploit affected older platforms, Windows 7 and Windows Server 2008.
source: R
Introducing Windows Defender System Guard runtime attestation
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/ [cloudblogs.microsoft.com]
2018-05-10 16:32
tags: defense, security, virtualization, windows
In Windows 10 Fall Creators Update, we reorganized all system integrity features into Windows Defender System Guard. This move allowed us to continually make significant innovations in platform security. Windows Defender System Guard runtime attestation, which is built into the core Windows operating system, will soon be delivered in all editions of Windows. Windows Defender System Guard runtime attestation, like Credential Guard, takes advantage of the same hardware-rooted security technologies in virtualization-based security (VBS) to mitigate attacks in software.
source: solar
Now you see me: Exposing fileless malware
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/24/now-you-see-me-exposing-fileless-malware/ [cloudblogs.microsoft.com]
2018-02-01 09:26
tags: malware, windows
The idea behind fileless malware is simple: If tools already exist on a device (for example PowerShell.exe or wmic.exe) to fulfill an attacker’s objectives, then why drop custom tools that could be flagged as malware? If an attacker can take over a process, run code in its memory space, and then use that code to call tools that are already on a device, the attack becomes more difficult to detect.