Security Researcher at Microsoft WARP
Joined June 2018
- Tweets 67
- Following 193
- Followers 591
- Likes 150
5 Photos and videos
30 Oct 2025
Super happy to see the blog post and Defcon talk go live!!! These are some of my proudest finds 😊
30 Oct 2025
Ever wondered how Windows decides if a file path is local, intranet, or Internet, and why it matters for security? Our latest blog from MSRC Senior Security Research Managers George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas) dives deep into MapUrlToZone (MUTZ), the critical Windows component that helps protect users from credential leaks and remote code execution.
In this blog, you’ll learn:
➤ How MUTZ works behind the scenes
➤ Real-world vulnerabilities and CVEs discovered by Microsoft researchers
➤ The latest fixes and what they mean for Windows security
Check out our latest blog post and see how MSRC is strengthening defenses for everyone: msft.it/6013tD0lW
ALT A deep dive into MUTZ
1
3
280
George Hughey retweeted
16 Aug 2023
Congratulations to George Hughey, the CyberPatriot XV Mentor of the Year!
3
9
907
George Hughey retweeted
11 Aug 2025
At @defcon 33, George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone.
They uncovered how this legacy API, used by Outlook, Office, Windows Shell, and sandboxes to make security decisions, was vulnerable to manipulation. Their deep dive revealed a dozen CVEs and led to systemic mitigations across Microsoft platforms.
Learn how MSRC’s technical investigations drive proactive protection for customers and why legacy code still matters in the slides available here: msft.it/6013su8Ef
#DEFCON #DEFCON33
ALT George Hughey and Rohit Mothe
1
6
38
6,925
George Hughey retweeted
13 Aug 2025
At @defcon, the MSRC team had a great time connecting with the security community and cheering on Microsoft employees, MVRs, and other Microsoft security researchers as they shared their expertise through presentations and hands-on collaboration.
#DEFCON #DEFCON33
2
4
23
5,511
17 Jan 2025
This week's Patch Tuesday included 8 CVEs that @rohitwas and I found!
We've been focusing on findings ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!
2
3
42
5,262
17 Jan 2025
As many of these exploit differences in CreateFile and MUTZ, we've duplicated some of the behavior in CreateFile. This should help prevent similar bypasses in the future. We're planning on releasing more info about this research over the coming months, so stay tuned!
2
1
627
17 Jan 2025
We're super proud of this work - it took a lot of poking around in Windows Internals and a huge effort from Engineering to fix all these issues. Many thanks to all who worked on these :)
2
3
586
George Hughey retweeted
10 Dec 2024
To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in Windows Server 2025. This update strengthens key services like Exchange Server, Active Directory Certificate Services (AD CS), and LDAP, making identity compromise and unauthorized access more difficult.
Learn more about these security improvements and how they can help protect your systems in our blog post: msrc.microsoft.com/blog/2024…
5
44
124
19,096
10 Sep 2024
My 50th CVE came out in today's Patch Tuesday! CVE-2024-38240 is the last of some hardening we've been doing in a Windows service, and CVE-2024-38252/CVE-2024-38253 are two proactive efforts we worked on with some static analysis friends :)
3
1
41
7,910
10 Sep 2024
When I started I honestly didn't think I would ever find a CVE, so it's cool to get all the way up to 50!
1
8
725
CanSecWest Presentation:
Rolling in the Dough: How Microsoft Identified and Remediated a Baker’s Dozen of Security Threats in the Windows DNS Server
George Hughey, Microsoft
secwest.net
ALT CanSecWest 2024 March 20-22 Vancouver
1
9
2,645
12 Apr 2023
Yesterday's Patch Tuesday saw the release of 10 CVEs I found in DNS! These could potentially allow an authenticated attacker to gain remote code execution. A huge thank you to the DNS team who worked through and fixed these.
msrc.microsoft.com/update-gu…
5
27
112
26,591
12 Apr 2023
I'm hoping to give a conference talk/blog post on the DNS Admin research, methodology, and fix process we've been doing soon(ish), so stay tuned!
2
2
15
1,640
5 Feb 2023
Forget buffaloes, the longest grammatically correct sentence using one repeating word is "sudo sudo sudo sudo sudo sudo sudo sudo sudo"
1
5
1,253
13 Jul 2022
Yesterday, a vulnerability in DNS I found was patched: msrc.microsoft.com/update-gu…. Thanks to the DNS team for working through this one!
2
6
34
17 Apr 2022
Tuesday saw the release of fixes for four vulnerabilities I discovered (CVE-2022-26801, CVE-2022-26802, CVE-2022-26803, CVE-2022-24536). Go check them out! msrc.microsoft.com/update-gu…
2
7
18
George Hughey retweeted
12 Sep 2020
It's long been assumed that there are no nontrivial reflected amplification attacks using TCP—prior attacks are UDP or simply TCP SYNs. In our just-now-accepted @USENIXSecurity 2021 paper, we apply a genetic algorithm to discover 5 reflected TCP amplification attacks variants.
3
59
204