BeyondTrust Research Center

BeyondTrust Research Team

Our research team, led by BeyondTrust CTO Marc Maiffret, is known for identifying new trends in enterprise security including some of the very first critical Microsoft security vulnerabilities. Marc has led the team for over 10 years and is well-known in the cybersecurity industry for discovering the first Microsoft computer worm, CodeRed. The implications of cybercrime are universal, pervasive and have financial implications for organizations and individuals. The research team aims to both educate our customers on the evolving threat landscape and to use their understanding of security threat trends to shape the future of our vulnerability and privilege management products.

Latest Security Research Posts

Adobe Patches Zero-Day Flaw Being Exploited in the Wild


Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to (included) is installed and enabled”... more

MS15-002 Detection


MS15-002 was one of the more interesting patches this month.  As such, we spent quite a bit of time on it.  But alas, it appears as though a pretty thorough analysis has already been posted at WooYun ( which mostly aligns with our analysis of the issue. We believe this issue to be difficult to exploit... more

January 2015 Patch Tuesday


Starting off the new year, Microsoft directs its focus more toward user rights and access. For the majority of bulletins, an attacker would need some form of authentication prior to elevating their privileges. Aside from these, the most notable vulnerability lies within an old friend named Telnet, which even the newer versions of windows are... more

Git’s Case-Insensitive Discrepancies: Exploiting GitHub For Windows And Microsoft Visual Studio (still affected)


A vulnerability within Git has been recently announced concerning the case-insensitive nature of the Windows file system. This vulnerability is unique in that fact that an attacker does have the ability to execute arbitrary code, however conventional exploitation methods, such as memory corruption, is not required. This article explores two ways to execute arbitrary, attacker... more

2014: The Year of Privilege Vulnerabilities


Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers. more

December 2014 Patch Tuesday


This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some... more

CVE-2014-1824 – A New Windows Fuzzing Target


As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes.  There are two solutions to this: write a better fuzzer ( or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability... more

A Quick Look at MS14-068


Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what... more

Triggering MS14-066


Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a... more

November 2014 Patch Tuesday


This month brings a massive number of bulletins and vulnerabilities covering a wide array of Microsoft products. As with most months some of the more critical vulnerabilities to patch immediately are within Internet Explorer and kernel privilege escalation vulnerabilities. There are also a lot of other unique vulnerabilities that will vary on criticality depending on... more

» View all