BeyondTrust Research Center

BeyondTrust Research Team

Our research team, led by BeyondTrust CTO Marc Maiffret, is known for identifying new trends in enterprise security, including some of the very first critical Microsoft security vulnerabilities. Marc has led the team for over 10 years and is well-known in the cybersecurity industry for discovering the first Microsoft computer worm, CodeRed. Cybercrime is universal and pervasive, and it has financial implications for organizations and individuals. The research team aims both to educate our customers on the evolving threat landscape and to use its understanding of security threat trends to shape the future of our vulnerability and privilege management products.

Latest Security Research Posts

2014: The Year of Privilege Vulnerabilities


Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.

December 2014 Patch Tuesday


This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc., and continues the trend of a greatest-hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some...

CVE-2014-1824 – A New Windows Fuzzing Target


As time progresses, constant fuzzing and auditing are making many common Microsoft products reasonably hard targets in which to fuzz and find interesting crashes. There are two solutions to this: write a better fuzzer or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability...

A Quick Look at MS14-068


Microsoft recently released an out-of-band patch for Kerberos. Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD blog post. So it looks like there is an issue with PAC signatures. But what...

Triggering MS14-066


Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce. Let's fix that. Looking at the bindiff of schannel.dll, we see a...

November 2014 Patch Tuesday


This month brings a massive number of bulletins and vulnerabilities covering a wide array of Microsoft products. As with most months, some of the more critical vulnerabilities to patch immediately are within Internet Explorer and kernel privilege escalation vulnerabilities. There are also a lot of other unique vulnerabilities that will vary in criticality depending on...

Exploiting MS14-059 because sometimes XSS is fun, sometimes…


This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology, and given its wide adoption we thought we would take a closer look. Referring to the bulletin, we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists...

Bad POODLE, Don’t Bite!


Researchers at Google (Bodo Moller, Thai Duong, and Krzysztof Kotowicz) have discovered that the encryption schemes used by SSL 3.0 are exploitable (CVE-2014-3566). Although the majority of web servers implement Transport Layer Security (TLS), the majority of clients will downgrade to SSL 3.0 in an attempt to maintain interoperability between protocols. For example, when a...

MS14-063 – FastFat vulnerability fixed years ago…


In vulnerability research, and computer security, we often deal strictly in the intangible. There are times, however, when tangible attack vectors can play a big part in real-world attacks. In a lot of cases it is USB memory sticks and the like that play a common physical role in aiding attacks. From Stuxnet leveraging USB to bridge air gap networks...

October 2014 Patch Tuesday


This October Microsoft has released eight security bulletins that cover a variety of Windows technologies, from client-application attacks that would be useful in drive-by web attacks to privilege escalation vulnerabilities useful as second-stage payloads to elevate from a standard user to Administrator privileges. We recommend patching MS14-056 (Internet Explorer) first and then...
