Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2018/03/14 7:0 a.m.14 views

Mitigating speculative execution side channel hardware vulnerabilities

On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...

1.1AI score
Exploits0
MSRC
MSRC
added 2018/01/24 8:0 a.m.14 views

マイクロソフト、法執行機関などとの連携により Gamarue (Andromeda) を撲滅

本記事は、Microsoft Secure ブログ “Microsoft teams up with law enforcement and other partners to disrupt Gamarue Andromeda...

3.1AI score
Exploits0
MSRC
MSRC
added 2017/11/21 8:0 a.m.14 views

Clarifying the behavior of mandatory ASLR

Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...

7AI score
Exploits0
MSRC
MSRC
added 2017/07/26 5:1 p.m.14 views

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

7.5AI score
Exploits0
MSRC
MSRC
added 2017/04/14 7:0 a.m.14 views

セキュリティ更新プログラム ガイド (Security Update Guide) を使ってみよう

※ 2020 年 11 月に、セキュリティ更新プログラム ガイドがリニューアルしています。新しいセキュリティ更新プログ...

0.5AI score
Exploits0
MSRC
MSRC
added 2017/02/14 8:0 a.m.14 views

February 2017 security update release

UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some custome...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/02/10 8:0 a.m.14 views

MS15-011 & MS15-014: Hardening Group Policy

Today we are releasing MS15-011 & MS15-014 which harden group policy and address network access vulnerabilities that can be used to achieve remote code execution RCE in domain networks. The MS15-014 update addresses an issue in Group Policy update which can be used to disable client-side global S...

8.4AI score
Exploits0
MSRC
MSRC
added 2014/09/12 7:0 a.m.14 views

September 2014 Security Bulletin Release Webcast and Q&A

Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page. We fielded four questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer MS14-052 and a question about the Windows Update client. We invite...

7.2AI score
Exploits0
MSRC
MSRC
added 2014/09/09 7:0 a.m.14 views

The September 2014 Security Updates

Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage you...

7.3AI score
Exploits0
MSRC
MSRC
added 2013/08/13 7:0 a.m.14 views

Assessing risk for the August 2013 security updates

Today we released eight security bulletins addressing 23 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...

7AI score
Exploits0
MSRC
MSRC
added 2026/02/20 12:0 a.m.13 views

From arcades to Azure: Felix’s security research journey

When you talk with Felix, you quickly get the sense that he has always been propelled by curiosity and by a need for something that truly challenges him. Today, he is a successful independent security researcher who uncovers vulnerabilities across Microsoft cloud services. However, his path into...

5.6AI score
Exploits0
MSRC
MSRC
added 2025/10/30 12:0 a.m.13 views

A deep dive into MUTZ

AtDEF CON 33, we shared our research into MapUrlToZone, a critical Windows security component that determines whether a given path is local, on the intranet, or on the broader Internet. This classification drives several security decisions across Windows, for example, preventing a CreateFile call...

7.1AI score
Exploits0
MSRC
MSRC
added 2024/07/31 7:0 a.m.13 views

Introducing the MSRC Researcher Resource Center

Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/11/20 8:0 a.m.13 views

Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded

This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/10/05 7:0 a.m.13 views

Cybersecurity Awareness Month 2023: Elevating Security Together

As the 20th anniversary of Cybersecurity Awareness Month begins, I find myself reflecting on the strides made since its inception. The journey to enhance and improve cybersecurity is ongoing and extends beyond October. It’s not merely a technological challenge; it is fundamentally about people...

6.8AI score
Exploits0
MSRC
MSRC
added 2023/06/14 7:0 a.m.13 views

Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry

Summary Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target users session within the...

6.8AI score
Exploits0
MSRC
MSRC
added 2023/03/29 7:0 a.m.13 views

Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access...

7.1AI score
Exploits0
MSRC
MSRC
added 2023/02/08 8:0 a.m.13 views

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...

0.3AI score
Exploits0
MSRC
MSRC
added 2023/02/06 8:0 a.m.13 views

BlueHat 2023: Connecting the security research community with Microsoft

We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center MSRC, BlueHat is where the security research community, and Microsoft security professionals, come...

6.8AI score
Exploits0
MSRC
MSRC
added 2023/01/17 8:0 a.m.13 views

Microsoft resolves four SSRF vulnerabilities in Azure cloud services

Summary Summary Microsoft recently fixed a set of Server-Side Request Forgery SSRF vulnerabilities in four Azure services Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins reported by Orca Security. These SSRF vulnerabilities were determined to be low risk as...

2.7AI score
Exploits0
MSRC
MSRC
added 2022/12/13 8:0 a.m.13 views

2022 年 12 月のセキュリティ更新プログラム (月例)

2022 年 12 月 13 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/10/13 7:0 a.m.13 views

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...

7.1AI score
Exploits0
MSRC
MSRC
added 2022/09/20 7:0 a.m.13 views

Azure Identity SDK と Azure Key Vault SDKに関する多層防御のためのアップデートとベストプラクティスの実装ガイダンス

本ブログは、Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance の抄訳版です。最新の情報は...

1.9AI score
Exploits0
MSRC
MSRC
added 2022/08/12 7:0 a.m.13 views

1年間のバグ報奨金プログラム レビュー: 報奨金 $13.7M

本ブログは、Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards の抄訳版です。最新の情報は原文を参照してください。 Microsoft...

2.4AI score
Exploits0
MSRC
MSRC
added 2022/08/08 7:0 a.m.13 views

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...

0.8AI score
Exploits0
MSRC
MSRC
added 2022/07/19 7:0 a.m.13 views

Azure Storage SDK でのクライアントサイド暗号化におけるパディング オラクル の脆弱性を軽減

本ブログは、Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability の抄訳版です。最新の情報は原文を参照してください。...

1.5AI score
Exploits0
MSRC
MSRC
added 2022/04/28 7:0 a.m.13 views

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/04/15 7:0 a.m.13 views

影響の大きいシナリオにおけるマイクロソフトのバグ報奨金プログラムの拡大

本ブログは、Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programsの抄訳版です。最新の情報は原文を参照し...

1.8AI score
Exploits0
MSRC
MSRC
added 2022/04/05 7:0 a.m.13 views

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to discover and report high-impact security...

1.1AI score
Exploits0
MSRC
MSRC
added 2022/03/30 7:0 a.m.13 views

Randomizing the KUSER_SHARED_DATA Structure on Windows

Opps, this post exists, but was actually published 4/5/2022. We're navigating you to the correct page now. If that doesn't work click the link below: Randomizing the KUSERSHAREDDATA Structure on Windows – Microsoft Security Response Center...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/03/30 7:0 a.m.13 views

Randomizing the KUSER_SHARED_DATA Structure on Windows

Opps, this post exists, but was actually published 4/5/2022. Were navigating you to the correct page now. If that doesnt work click the link below: Randomizing the KUSERSHAREDDATA Structure on Windows – Microsoft Security Response Center...

1.7AI score
Exploits0
MSRC
MSRC
added 2021/11/17 8:0 a.m.13 views

アプリケーションおよびサービス プリンシパル API での Azure Active Directory (AD) keyCredential プロパティの情報漏えいに関するガイダンス

本ブログは、“Guidance for Azure Active Directory AD keyCredential property Information Disclosure in Application and Service Principal APIs” の抄訳版です。最新の情報は、原本...

2.1AI score
Exploits0
MSRC
MSRC
added 2021/04/29 7:0 a.m.13 views

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These...

3.4AI score
Exploits0
MSRC
MSRC
added 2021/02/10 8:0 a.m.13 views

MSRC Security Researcher Recognition: 2021

Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher MVR and MSRC...

1.8AI score
Exploits0
MSRC
MSRC
added 2021/02/09 8:0 a.m.13 views

Continuing to Listen: Good News about the Security Update Guide API!

Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. Were happy to make this valuable public...

3.2AI score
Exploits0
MSRC
MSRC
added 2020/11/10 8:0 a.m.13 views

セキュリティ更新プログラム リリース スケジュール (2021 年)

2021 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/04/21 7:0 a.m.13 views

安心・安全に利用するために : 基本のセキュリティ設定を確認しましょう (Windows 10)

昨今は、リモートワークのために、企業や組織で新たに持ち出し用デバイスを展開したり、あるいは、個人で所...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/02/11 8:0 a.m.13 views

February 2020 security updates are available

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

6.7AI score
Exploits0
MSRC
MSRC
added 2020/01/15 8:0 a.m.13 views

Announcing MSRC 2019 Q4 Security Researcher Leaderboard

Following the first Security Researcher Quarterly Leaderboard we published in October 2019, we are excited to announce the MSRC Q4 2019 Security Researcher Leaderboard, which shows the top contributing researchers for the last quarter. In each quarterly leaderboard, we recognize the security...

2.7AI score
Exploits0
MSRC
MSRC
added 2019/11/06 8:0 a.m.13 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­...

6.5AI score
Exploits0
MSRC
MSRC
added 2019/09/03 7:0 a.m.13 views

Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...

2.1AI score
Exploits0
MSRC
MSRC
added 2019/07/22 7:0 a.m.13 views

Why Rust for safe systems programming

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...

2.6AI score
Exploits0
MSRC
MSRC
added 2019/07/18 7:0 a.m.13 views

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a...

2.1AI score
Exploits0
MSRC
MSRC
added 2019/07/16 7:0 a.m.13 views

A proactive approach to more secure code

What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre MSRC has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019...

1AI score
Exploits0
MSRC
MSRC
added 2019/06/25 9:21 p.m.13 views

Inside the MSRC – Customer-centric incident response

The Microsoft Security Response Center MSRC is an integral part of Microsoft’s Cyber Defense Operations Center CDOC that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24×7, the CDOC has...

0.7AI score
Exploits0
MSRC
MSRC
added 2019/06/11 11:48 p.m.13 views

2019 年 6 月のセキュリティ更新プログラム (月例)

2019 年 6 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/06/11 7:0 a.m.13 views

June 2019 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

2.9AI score
Exploits0
MSRC
MSRC
added 2019/01/17 8:0 a.m.13 views

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...

2.4AI score
Exploits0
MSRC
MSRC
added 2018/09/11 7:0 a.m.13 views

September 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...

2.7AI score
Exploits0
MSRC
MSRC
added 2018/04/10 7:0 a.m.13 views

2018 年 4 月のセキュリティ更新プログラム (月例)

2018 年 4 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
Total number of security vulnerabilities1366