Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2021/01/11 8:0 a.m.15 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...

4.4AI score
Exploits0
MSRC
MSRC
added 2020/08/17 7:0 a.m.15 views

Control Flow Guard for Clang/LLVM and Rust

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard CFG support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? What is Control Flow Guard? CFG is a platform security technology designed to...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/05/13 7:0 a.m.15 views

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialize...

3.9AI score
Exploits0
MSRC
MSRC
added 2019/11/06 8:0 a.m.15 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­...

1.3AI score
Exploits0
MSRC
MSRC
added 2019/09/30 7:0 a.m.15 views

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...

2AI score
Exploits0
MSRC
MSRC
added 2019/09/03 7:0 a.m.15 views

BlueHat Seattle 2019 Call for Papers is Now Open!

2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle! 2 days of hands-on technical training October 22-23, 2019 2 days of conference talks from industry-leading security researchers and cyber...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/07/30 7:0 a.m.15 views

Recognizing Security Researchers in 2019

Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there. How do we define the Most Valuable Security Researchers? The list at Black Hat will be the top tier of researchers based on not ju...

1.7AI score
Exploits0
MSRC
MSRC
added 2018/10/26 7:0 a.m.15 views

BlueHat v18 Content Now Available

Last month we wrapped up another great BlueHat event. As an organizer, it is great to hear that the content is so strong that we have participants have to make hard choices on what to attend. BlueHat is about the community we build and the experiences we share. To further support that we are maki...

0.9AI score
Exploits0
MSRC
MSRC
added 2018/09/11 7:0 a.m.15 views

セキュリティ更新プログラム リリース スケジュール (2018 年)

概要 概要 セキュリティ更新プログラムは通常、米国日付の毎月第 2 火曜日に公開します。日本では、時差の関係...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/05/03 7:0 a.m.15 views

Hyper-V Debugging Symbols Are Publicly Available

The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make...

1.5AI score
Exploits0
MSRC
MSRC
added 2018/02/13 6:43 p.m.15 views

February 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2018/02/06 8:0 a.m.15 views

はい、これで見えますね: ファイルレス マルウェアをさらけ出す

本記事は、Microsoft Secure ブログ “Now you see me: Exposing fileless malware” 2018 年 1 月 24 日 米国時間公開 を翻...

0.6AI score
Exploits0
MSRC
MSRC
added 2017/11/14 6:0 p.m.15 views

November 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/07/13 7:0 a.m.15 views

Eternal Synergy Exploit Analysis

Introduction Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is...

2.5AI score
Exploits0
MSRC
MSRC
added 2017/06/29 7:0 a.m.15 views

Eternal Champion Exploit Analysis

Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the late...

3.6AI score
Exploits0
MSRC
MSRC
added 2017/05/11 7:0 a.m.15 views

Encapsulated PostScript (EPS) の脆弱性を利用した攻撃に対処するために団結する

本記事は、MSRC Team のブログ “Coming together to address Encapsulated PostScript EPS attacks” 2017 年 5 月 9 日 米国時間公開 を翻...

0.5AI score
Exploits0
MSRC
MSRC
added 2026/01/05 12:0 a.m.14 views

Congratulations to the top MSRC 2025 Q4 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7AI score
Exploits0
MSRC
MSRC
added 2025/09/04 7:0 a.m.14 views

Why XSS still matters: MSRC’s perspective on a 25-year-old threat

Cross-Site Scripting XSS has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native architectures. At Microsoft, we still receive a steady stream of XSS reports across our services, fr...

5.7AI score
Exploits0
MSRC
MSRC
added 2024/11/19 8:0 a.m.14 views

Securing AI and Cloud with the Zero Day Quest

Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and...

7.4AI score
Exploits0
MSRC
MSRC
added 2024/11/12 8:0 a.m.14 views

Toward greater transparency: Publishing machine-readable CSAF files

Welcome to the third installment in our series on transparency at the Microsoft Security Response Center MSRC. In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers,...

7AI score
Exploits0
MSRC
MSRC
added 2024/08/06 7:0 a.m.14 views

Congratulations to the MSRC 2024 Most Valuable Security Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/01/10 8:0 a.m.14 views

2023 年 1 月のセキュリティ更新プログラム (月例)

2023 年 1 月 10 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2023/01/06 8:0 a.m.14 views

Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide SUG Common Vulnerability Reporting Framework CVRF API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure’s cloud and edge products and services and i...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/11/08 8:0 a.m.14 views

セキュリティ更新プログラム リリース スケジュール (2023 年)

2023 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/11/01 7:0 a.m.14 views

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to th...

3.3AI score
Exploits0
MSRC
MSRC
added 2022/10/24 7:0 a.m.14 views

Congratulations to the Top MSRC 2022 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zha...

1.3AI score
Exploits0
MSRC
MSRC
added 2022/10/12 7:0 a.m.14 views

Improvements in Security Update Notifications Delivery - And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide SUG. A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/05/19 7:0 a.m.14 views

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

0.6AI score
Exploits0
MSRC
MSRC
added 2022/03/08 8:0 a.m.14 views

2022 年 3 月のセキュリティ更新プログラム (月例)

2022 年 3 月 8 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/12/14 8:0 a.m.14 views

Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities

"When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming : The Expanse and Lost in Space on Netflix Currently listening to : Amorphis, Architects, and Killswitch Engage Currently running : 130 kilometers or 80 miles a month Currently playing :...

7.2AI score
Exploits0
MSRC
MSRC
added 2021/10/20 7:0 a.m.14 views

Microsoft のバグハンティング:脆弱性発見者へのインタビューとMSRCについて ~ CODE BLUE Open Talkより

より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに...

1.3AI score
Exploits0
MSRC
MSRC
added 2021/01/11 8:0 a.m.14 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...

7AI score
Exploits0
MSRC
MSRC
added 2020/08/27 7:0 a.m.14 views

Local Administrator Password Solution (LAPS) 導入ガイド (日本語版)

Active Directory 管理者のみなさん、Local Administrator Password Solution LAPS ツールはご存じですか? LAPS ツールは、Active Directory AD に参加して...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/04/09 7:0 a.m.14 views

リモート環境における更新プログラム適用の考慮事項

マイクロソフトは通常通り、4 月の月例セキュリティ更新日 2020 年 4 月 15 日 日本時間 に、定例のセキュリティ更...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/02/03 8:0 a.m.14 views

Recognizing Security Researchers in 2020

Is it too early to talk about the 2020 MSRC Most Valuable Security Researchers? Five months from now, at the end of June, the program period closes for researchers to be considered for inclusion in the Most Valuable Researchers list. The top researcher list will be revealed at Black Hat North...

1.8AI score
Exploits0
MSRC
MSRC
added 2019/10/25 7:0 a.m.14 views

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent complete with toasted marshmallows. Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising...

0.8AI score
Exploits0
MSRC
MSRC
added 2019/10/23 7:0 a.m.14 views

セキュリティ更新プログラム リリース スケジュール (2020 年)

2019 年のリリース スケジュールは「セキュリティ更新プログラム リリース スケジュール 2019 年」をご覧ください。...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/09/30 7:0 a.m.14 views

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...

6.8AI score
Exploits0
MSRC
MSRC
added 2019/08/05 7:0 a.m.14 views

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented...

1.3AI score
Exploits0
MSRC
MSRC
added 2019/07/02 12:5 a.m.14 views

Inside the MSRC – Building your own security incident response process

This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s MSRC Software and Services Incident Response Plan SSIRP. Our previous posts discussed how Microsoft protects customers against...

2.3AI score
Exploits0
MSRC
MSRC
added 2019/06/27 7:0 a.m.14 views

Inside the MSRC – Anatomy of a SSIRP incident

This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan SSIRP. In ourlast blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft tak...

6.8AI score
Exploits0
MSRC
MSRC
added 2019/02/14 8:0 a.m.14 views

BlueHat Shanghai 2019 Call for Papers is Now Open!

We know security experts with diverse skills and experiences are found around the world. This year, the BlueHat Security Conference is coming to Shanghai! BlueHat Shanghai 2019 will take place on May 29-30 at W Shanghai - The Bund. We want to provide a venue for security researchers to come...

1.5AI score
Exploits0
MSRC
MSRC
added 2018/11/12 8:0 a.m.14 views

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

2.3AI score
Exploits0
MSRC
MSRC
added 2018/09/10 7:0 a.m.14 views

Microsoft Security Servicing Criteria for Windows

One of our goals in the Microsoft Security Response Center MSRC is to be more transparent with security researchers and our customers on the criteria we use for determining when we intend to address a reported vulnerability through a security update. Our belief is that improving transparency on...

6.9AI score
Exploits0
MSRC
MSRC
added 2018/08/08 7:0 a.m.14 views

Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition

This morning we are excited to unveil the security researcher leaderboard at the Black Hat Security Conference. This list recognizes the top security researchers who have contributed research to the Microsoft products and services. If you are curious on how we build the list, check out our blog...

6.9AI score
Exploits0
MSRC
MSRC
added 2018/06/21 7:0 a.m.14 views

Announcing Changes to Microsoft’s Mitigation Bypass Bounty

Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard CFG from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background Microsoft started the Mitigatio...

7.1AI score
Exploits0
MSRC
MSRC
added 2018/03/14 7:0 a.m.14 views

Mitigating speculative execution side channel hardware vulnerabilities

On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...

1.1AI score
Exploits0
MSRC
MSRC
added 2018/01/24 8:0 a.m.14 views

マイクロソフト、法執行機関などとの連携により Gamarue (Andromeda) を撲滅

本記事は、Microsoft Secure ブログ “Microsoft teams up with law enforcement and other partners to disrupt Gamarue Andromeda...

3.1AI score
Exploits0
MSRC
MSRC
added 2017/12/12 6:30 p.m.14 views

December 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/11/21 8:0 a.m.14 views

Clarifying the behavior of mandatory ASLR

Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...

7AI score
Exploits0
Total number of security vulnerabilities1366