Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2018/02/13 6:43 p.m.15 views

February 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2018/02/06 8:0 a.m.15 views

はい、これで見えますね: ファイルレス マルウェアをさらけ出す

本記事は、Microsoft Secure ブログ “Now you see me: Exposing fileless malware” 2018 年 1 月 24 日 米国時間公開 を翻...

0.6AI score
Exploits0
MSRC
MSRC
added 2017/11/14 6:0 p.m.15 views

November 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/07/13 7:0 a.m.15 views

Eternal Synergy Exploit Analysis

Introduction Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is...

2.5AI score
Exploits0
MSRC
MSRC
added 2017/06/29 7:0 a.m.15 views

Eternal Champion Exploit Analysis

Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the late...

3.6AI score
Exploits0
MSRC
MSRC
added 2017/05/11 7:0 a.m.15 views

Encapsulated PostScript (EPS) の脆弱性を利用した攻撃に対処するために団結する

本記事は、MSRC Team のブログ “Coming together to address Encapsulated PostScript EPS attacks” 2017 年 5 月 9 日 米国時間公開 を翻...

0.5AI score
Exploits0
MSRC
MSRC
added 2024/11/12 8:0 a.m.14 views

Toward greater transparency: Publishing machine-readable CSAF files

Welcome to the third installment in our series on transparency at the Microsoft Security Response Center MSRC. In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers,...

7AI score
Exploits0
MSRC
MSRC
added 2024/08/06 7:0 a.m.14 views

Congratulations to the MSRC 2024 Most Valuable Security Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/06/16 7:0 a.m.14 views

Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks

Summary Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. Thes...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/06/13 7:0 a.m.14 views

2023 年 6 月のセキュリティ更新プログラム (月例)

2023 年 6 月 13 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

7.1AI score
Exploits0
MSRC
MSRC
added 2023/04/13 7:0 a.m.14 views

Congratulations to the Top MSRC 2023 Q1 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/01/10 8:0 a.m.14 views

2023 年 1 月のセキュリティ更新プログラム (月例)

2023 年 1 月 10 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2023/01/06 8:0 a.m.14 views

Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide SUG Common Vulnerability Reporting Framework CVRF API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure’s cloud and edge products and services and i...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/11/08 8:0 a.m.14 views

セキュリティ更新プログラム リリース スケジュール (2023 年)

2023 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/11/01 7:0 a.m.14 views

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to th...

3.3AI score
Exploits0
MSRC
MSRC
added 2022/10/24 7:0 a.m.14 views

Congratulations to the Top MSRC 2022 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zha...

1.3AI score
Exploits0
MSRC
MSRC
added 2022/10/12 5:5 p.m.14 views

Improvements in Security Update Notifications Delivery – And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide SUG. A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements...

3.3AI score
Exploits0
MSRC
MSRC
added 2022/08/08 9:30 a.m.14 views

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...

3.1AI score
Exploits0
MSRC
MSRC
added 2022/07/13 2:35 p.m.14 views

All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...

1.8AI score
Exploits0
MSRC
MSRC
added 2022/05/19 7:0 a.m.14 views

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

0.6AI score
Exploits0
MSRC
MSRC
added 2022/03/08 8:0 a.m.14 views

2022 年 3 月のセキュリティ更新プログラム (月例)

2022 年 3 月 8 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/12/14 8:0 a.m.14 views

2021 年 12 月のセキュリティ更新プログラム (月例)

2021 年 12 月 14 日(米国時間)に、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/10/20 7:0 a.m.14 views

Microsoft のバグハンティング:脆弱性発見者へのインタビューとMSRCについて ~ CODE BLUE Open Talkより

より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに...

1.3AI score
Exploits0
MSRC
MSRC
added 2021/01/11 8:0 a.m.14 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memor...

7AI score
Exploits0
MSRC
MSRC
added 2020/08/27 7:0 a.m.14 views

Local Administrator Password Solution (LAPS) 導入ガイド (日本語版)

Active Directory 管理者のみなさん、Local Administrator Password Solution LAPS ツールはご存じですか? LAPS ツールは、Active Directory AD に参加して...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/05/13 7:0 a.m.14 views

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialize...

3.9AI score
Exploits0
MSRC
MSRC
added 2020/02/03 8:0 a.m.14 views

Recognizing Security Researchers in 2020

Is it too early to talk about the 2020 MSRC Most Valuable Security Researchers? Five months from now, at the end of June, the program period closes for researchers to be considered for inclusion in the Most Valuable Researchers list. The top researcher list will be revealed at Black Hat North...

1.8AI score
Exploits0
MSRC
MSRC
added 2019/10/25 7:0 a.m.14 views

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent complete with toasted marshmallows. Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising...

0.8AI score
Exploits0
MSRC
MSRC
added 2019/09/30 7:0 a.m.14 views

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...

6.8AI score
Exploits0
MSRC
MSRC
added 2019/08/05 7:0 a.m.14 views

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented...

1.3AI score
Exploits0
MSRC
MSRC
added 2019/07/02 12:5 a.m.14 views

Inside the MSRC – Building your own security incident response process

This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s MSRC Software and Services Incident Response Plan SSIRP. Our previous posts discussed how Microsoft protects customers against...

2.3AI score
Exploits0
MSRC
MSRC
added 2019/06/27 7:0 a.m.14 views

Inside the MSRC – Anatomy of a SSIRP incident

This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan SSIRP. In ourlast blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft tak...

6.8AI score
Exploits0
MSRC
MSRC
added 2019/02/14 8:0 a.m.14 views

BlueHat Shanghai 2019 Call for Papers is Now Open!

We know security experts with diverse skills and experiences are found around the world. This year, the BlueHat Security Conference is coming to Shanghai! BlueHat Shanghai 2019 will take place on May 29-30 at W Shanghai - The Bund. We want to provide a venue for security researchers to come...

1.5AI score
Exploits0
MSRC
MSRC
added 2018/11/12 8:0 a.m.14 views

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

2.3AI score
Exploits0
MSRC
MSRC
added 2018/10/26 7:0 a.m.14 views

BlueHat v18 Content Now Available

Last month we wrapped up another great BlueHat event. As an organizer, it is great to hear that the content is so strong that we have participants have to make hard choices on what to attend. BlueHat is about the community we build and the experiences we share. To further support that we are maki...

0.9AI score
Exploits0
MSRC
MSRC
added 2018/09/10 7:0 a.m.14 views

Microsoft Security Servicing Criteria for Windows

One of our goals in the Microsoft Security Response Center MSRC is to be more transparent with security researchers and our customers on the criteria we use for determining when we intend to address a reported vulnerability through a security update. Our belief is that improving transparency on...

6.9AI score
Exploits0
MSRC
MSRC
added 2018/06/21 7:0 a.m.14 views

Announcing Changes to Microsoft’s Mitigation Bypass Bounty

Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard CFG from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background Microsoft started the Mitigatio...

7.1AI score
Exploits0
MSRC
MSRC
added 2018/01/24 8:0 a.m.14 views

マイクロソフト、法執行機関などとの連携により Gamarue (Andromeda) を撲滅

本記事は、Microsoft Secure ブログ “Microsoft teams up with law enforcement and other partners to disrupt Gamarue Andromeda...

3.1AI score
Exploits0
MSRC
MSRC
added 2017/12/12 6:30 p.m.14 views

December 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/11/21 8:0 a.m.14 views

Clarifying the behavior of mandatory ASLR

Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...

7AI score
Exploits0
MSRC
MSRC
added 2017/07/26 5:1 p.m.14 views

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

7.5AI score
Exploits0
MSRC
MSRC
added 2017/04/14 7:0 a.m.14 views

セキュリティ更新プログラム ガイド (Security Update Guide) を使ってみよう

※ 2020 年 11 月に、セキュリティ更新プログラム ガイドがリニューアルしています。新しいセキュリティ更新プログ...

0.5AI score
Exploits0
MSRC
MSRC
added 2017/02/14 8:0 a.m.14 views

February 2017 security update release

UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some custome...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/02/10 8:0 a.m.14 views

MS15-011 & MS15-014: Hardening Group Policy

Today we are releasing MS15-011 & MS15-014 which harden group policy and address network access vulnerabilities that can be used to achieve remote code execution RCE in domain networks. The MS15-014 update addresses an issue in Group Policy update which can be used to disable client-side global S...

8.4AI score
Exploits0
MSRC
MSRC
added 2014/09/12 7:0 a.m.14 views

September 2014 Security Bulletin Release Webcast and Q&A

Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page. We fielded four questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer MS14-052 and a question about the Windows Update client. We invite...

7.2AI score
Exploits0
MSRC
MSRC
added 2014/09/09 7:0 a.m.14 views

The September 2014 Security Updates

Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage you...

7.3AI score
Exploits0
MSRC
MSRC
added 2013/08/13 7:0 a.m.14 views

Assessing risk for the August 2013 security updates

Today we released eight security bulletins addressing 23 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...

7AI score
Exploits0
MSRC
MSRC
added 2026/02/20 12:0 a.m.13 views

From arcades to Azure: Felix’s security research journey

When you talk with Felix, you quickly get the sense that he has always been propelled by curiosity and by a need for something that truly challenges him. Today, he is a successful independent security researcher who uncovers vulnerabilities across Microsoft cloud services. However, his path into...

5.6AI score
Exploits0
MSRC
MSRC
added 2026/01/05 12:0 a.m.13 views

Congratulations to the top MSRC 2025 Q4 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7AI score
Exploits0
MSRC
MSRC
added 2025/10/30 12:0 a.m.13 views

A deep dive into MUTZ

AtDEF CON 33, we shared our research into MapUrlToZone, a critical Windows security component that determines whether a given path is local, on the intranet, or on the broader Internet. This classification drives several security decisions across Windows, for example, preventing a CreateFile call...

7.1AI score
Exploits0
Total number of security vulnerabilities1366