Mitigations

WDigest credential harvesting

WDigest, a legacy authentication protocol that is still in use on many corporate networks, presents opportunities for attackers to acquire passwords. Its abuse essentially nullifies…

Zacinlo (Detrahere) rootkit

On June 18, 2018, Bleeping Computer reported how a Zacinlo rootkit was impacting Windows 10 machines. Upon investigation, Microsoft security researchers found a few spikes…

ALPC local privilege elevation

Executive summary: Microsoft has released security updates to address a vulnerability in Windows that can be used by a non-admin user to elevate privileges and obtain…

BadRabbit

Executive summary: Around 08:00 UTC on October 24, 2017, widespread reports of a new ransomware campaign began circulating on social media. The majority of affected users…

Motivated miners

In recent months, multiple security vendors published articles about “motivated miners”—attackers who take advantage of tools, techniques, and procedures (TTPs) developed by advanced threat actors…

Shamoon (DistTrack) wiper attacks

Microsoft telemetry as well as public reports indicate renewed Shamoon (detected by Microsoft as DistTrack) wiper attacks affecting mostly energy sector operations in Saudi Arabia,…

Confluence and WebLogic abuse

As early as April 10, 2019, unidentified attackers began leveraging new vulnerabilities in popular enterprise applications to deliver a wide variety of malware, including ransomware,…

Windows 7 zero-day for CVE-2019-0808

Researchers from Google's Threat Analysis Group notified Microsoft that they discovered evidence of a zero-day exploit active in the wild since late February 2019. The…
