BeyondTrust Research Center

BeyondTrust Research Team

Our research team is known for identifying new trends in enterprise security including some of the very first critical Microsoft security vulnerabilities. The implications of cybercrime are universal, pervasive and have financial implications for organizations and individuals. The research team aims to both educate our customers on the evolving threat landscape and to use their understanding of security threat trends to shape the future of our vulnerability and privilege management products.

Latest Security Research Posts

June 2015 Patch Tuesday


This month's Patch Tuesday is a bit on the lighter side with only 8 bulletins. In total, 45 distinct vulnerabilities are addressed with over half belonging to Internet Explorer. At the time of release, Microsoft seemed to skip the MS15-058 bulletin, so we'll be sure to keep an eye out for it. more

May 2015 Patch Tuesday


This month's Patch Tuesday is massive, to say the least, with a total of 13 bulletins, affecting many products and all versions of Windows. Earlier this month, Microsoft announced that the upcoming Windows 10 will not follow the typical Patch Tuesday cycle and updates will be provided when they become available. more

The Delicate Art of Remote Checks – A Glance Into MS15-034


Remote vulnerability detection - using ms15-034 as an example. more

Premera Breach – What Happened and Was it Related to the Anthem Breach?


Premera Blue Cross, a major health care services provider, recently disclosed information regarding a data breach that could impact 11 million of its customers. According to Premera’s cyberattack website created to disseminate information about the breach, hackers gained access to their systems and may have accessed customer information including names, addresses, email addresses, telephone numbers,... more

The Vulnerabilities and Privileges of Carbanak Bank Thieves


Recently Kaspersky released analysis of a series of significant breaches against financial institutions by a group they have dubbed Carbanak. The attacks go back over 2 years and estimates are that potentially $1 billion dollars in total were stolen from more than 100 financial institutions. In some cases the attackers were active in victim organizations between... more

Fuzzing for MS15-010


Intro This past Patch Tuesday Microsoft released MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution.  This patch addressed multiple privately reported vulnerabilities in win32k.sys and one publicly disclosed vulnerability in cng.sys. Win32k.sys Diff The first notable thing we noticed was that several handlers for TrueType instructions, @irtp_*, were touched.  While we did... more

GHOST Vulnerability…Scary Indeed


A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considering remote, arbitrary code execution can be achieved. In an effort to avoid taxing DNS lookups, glibc developers introduced... more

Adobe Patches Zero-Day Flaw Being Exploited in the Wild


Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to (included) is installed and enabled”... more

MS15-002 Detection


MS15-002 was one of the more interesting patches this month.  As such, we spent quite a bit of time on it.  But alas, it appears as though a pretty thorough analysis has already been posted at WooYun ( which mostly aligns with our analysis of the issue. We believe this issue to be difficult to exploit... more

January 2015 Patch Tuesday


Starting off the new year, Microsoft directs its focus more toward user rights and access. For the majority of bulletins, an attacker would need some form of authentication prior to elevating their privileges. Aside from these, the most notable vulnerability lies within an old friend named Telnet, which even the newer versions of windows are... more

» View all