Microsoft Security Vulnerability Research and Defense Blog

Hi All, 


The Microsoft Security Response Center (MSRC) team has announced that a lot of vulnerability-related information will be posted on the new Microsoft Security Vulnerability Research and Defense Blog located at:

Welcome to the new Microsoft Security Vulnerability Research and Defense blog!


We are excited to have this outlet to share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities. You can read much more about the goals of the blog and about the SWI teams contributing to the blog in our “About” link:

The two posts below are examples of the type of information we’ll be posting. We expect to post every “patch Tuesday” with technical information about the vulnerabilities being fixed. During our vulnerability research, we discover a lot of interesting technical information. We’re going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization.

About Security Vulnerability Research & Defense

The Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks. During Microsoft’s technical investigation of security issues, information is discovered that we feel is important to share. Some examples include:

  • Workarounds that are not 100% effective in every situation, every attack vector
  • Workarounds that are specific to a particular attack
  • Super complicated workarounds that work but cannot be recommended to all customers
  • Interesting mitigations that might not be present in all cases
  • “Best Practices” type guidance that applies to a particular vulnerability
  • Group policy deployment guidance
  • “Interesting” facts about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations
  • Debugging techniques and information on how to triage security vulnerabilities
  • Overview of some of the challenges that we face when fixing specific security bugs

As always, security bulletins or security advisories are the ultimate authority but we’ll try to include juicy spill-over technical stuff in the Microsoft Security Vulnerability Research and Defense blog.

We’re going to start this blog with comments turned off. Frankly, we’re concerned that if comments are allowed, we may see some inappropriate comments. Though, please (emphatically) email your questions, feedback, and comments about the blog to us at While we can’t promise to address every comment, we will address comments in the blog as appropriate.

For more information regarding Microsoft's Secure Windows Initiative (SWI) please see the following links:


About the Bloggers:

Damian Hasse Bio: Damian Hasse, Lead Security Software Engineer at Microsoft, manages the SWI React and SWI Defense Teams of security researchers that investigate vulnerabilities and security threats with the Microsoft Security Response Center (MSRC), as well as the SWI Pen Test team which helps to review Microsoft products for security issues before they are released. SWI, just in case you’re not familiar with the acronym, is the Secure Windows Initiative (SWI) at Microsoft, which is an effort comprised of many teams and individuals within Microsoft dedicated to making Microsoft products more secure from malicious attacks.

Within SWI the React and Defense teams work on every MSRC case to help improve the guidance and protection we provide our customers. We do this through our security updates (patches). As part of our role, we discover additional attack vectors, new exploitation techniques and adapt quickly to stay ahead of the ever-evolving security ecosystem. We also analyze each MSRC vulnerability and determine mitigations and workarounds, which get published in the bulletins.

The teams also provide forward looking security guidance to product teams within Microsoft, impacting products and services before and after release. We ultimately help to protect Microsoft customers from getting their systems compromised by building more resilient software. This is all part of the security pillar of Trustworthy Computing at Microsoft (

Jonathan Ness Bio: Jonathan Ness leads the SWI Defense team of software security engineers at Microsoft. He joined Microsoft in March 2003 as a member of the Secure Windows Initiative (SWI) Attack Team. He and his defense team generate mitigations and workarounds for use in the monthly Microsoft security bulletins, detailed vulnerability documentation for MSRC cases, and act as engineering technical lead for the Microsoft company-wide Software Security Incident Response Process (

Things Jonathan loves about Microsoft:

  • Helping make hundreds of millions of computers more secure every month
  • Working every day with some of the smartest security engineers in the world who all care passionately about protecting customers
  • Finding ways to convey enough details about a vulnerability to help protect customers but not enough for that information to spawn exploits
  • Helping customers find ways to reduce attack surface and protect themselves from attacks

Outside Microsoft work, Jonathan thinks about security pretty much all the time. One weekend each month and several weeks each year, he participates as a member of a reserve military unit helping to protect DoD networks. Jonathan has written two books - Gray Hat Hacking (published in 2004) and Gray Hat Hacking, Second Edition (2008). In his spare time, he enjoys his video editing hobby and mentoring youth at his church. He lives a bit north of Redmond with his wife Jessica and their cat Chewey.

Greg Wroblewski Bio: Greg Wroblewski, Senior Security Software Engineer, drives the technical side of the security response process at Microsoft. His experience at breaking things started at the age of three, when he successfully broke a power outlet. Surviving this achievement, he decided to move his attention towards low voltage devices. Guided by his parents, he eventually settled on software breaking and protecting techniques. Currently, as a member of the SWI React team, he is well known for always keeping his development environment updated with the newest malware available. Since the time of the WMF vulnerability outbreak, he now keeps his office equipped with a reasonable amount of water, MREs and fire logs. Always prepared to keep customers secure.