1366 matches found
Extending the Microsoft Office Bounty Program
Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...
Announcing the Windows Bounty Program
Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...
Petya マルウェア攻撃に関する最新情報
本記事は、Microsoft Security Response Center のブログ “Update on Petya malware attacks” 2017 年 6 月 28 日 米国時間公...
June 2017 security update release
Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of...
Coming together to address Encapsulated PostScript (EPS) attacks
Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the...
May 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty
Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...
January 2016 Security Update Release Summary
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
November 2015 Security Update Release Summary
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...
Microsoft Bounty Programs Expansion – Azure and Project Spartan
Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...
Advance Notification Service for the September 2014 Security Bulletin Release
Today, we provide advance notification for the release of four Security Bulletins. One of these updates is rated Critical and three are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer, .NET Framework and Lync. As a reminder, we are now using a new format...
EMET 4.0 now available for download
We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit , best known as EMET, is now finally available for download. You can download it from http://www.microsoft.com/en-us/download/details.aspx?id=39273. We already mentioned some of the new...
A few more days before EMET 4
On May 8th, we announced that EMET 4 would have been released today, May 28th. Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more day...
A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure
In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...
Congratulations to the Top MSRC 2024 Q4 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh,...
Configuring host-level audit logging for AKS VMSS
This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service AKS Virtual Machine Scale Set VMSS using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post...
BlueHat 2023: Connecting the security research community with Microsoft
We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center MSRC, BlueHat is where the security research community, and Microsoft security professionals, come...
サイバーセキュリティ月間 2023
政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ...
Microsoft は、Azure クラウド サービスにおける 4 つの SSRF の脆弱性を解決しました。
本ブログは、Microsoft resolves four SSRF vulnerabilities in Azure cloud services の抄訳版です。最新の情報は原文を参照してください。 概要...
BlueHat 2023: Applications to Attend NOW OPEN!
We are excited to announce that applications to attend BlueHat 2023 are now open BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be on the Microsoft campus in Redmond, WA, USA, from February 8 – 9, 2023. Hosted by the Microsoft Security Response Center MSRC,...
Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)
We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning ML systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security...
マイクロソフト、Jupyter Notebooks for Azure Cosmos DB の脆弱性を修正
本ブログは、Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB の抄訳版です。最新の情報は原文を参照してください。 概...
2022 年 10 月 のセキュリティ更新プログラム (月例)
2022 年 10 月 11 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
What’s the smallest variety of CHERI?
The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest...
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the...
セキュリティ更新プログラム ガイドの通知システム : 今すぐプロファイルを作成しましょう
本ブログは、Security Update Guide Notification System News: Create your profile now の抄訳版です。最新の情報は原文を参照してください。 セキ...
Microsoft Office、2022年8月からシンボルを公開
本ブログは、Microsoft Office to publish symbols starting August 2022 の抄訳版です。最新の情報は原文を参照してください。 Microsoft Office が...
All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity
The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...
Service Fabric におけるLinux 上のコンテナ化されたワークロードからの特権昇格について
本ブログは、 Service Fabric Privilege Escalation from Containerized Workloads on Linux の抄訳版です。最新の情報は原文を参照してください。 協調的な脆弱性の公開...
2022 年 6 月のセキュリティ更新プログラム (月例)
2022 年 6 月 14 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...
2022 年 5 月のセキュリティ更新プログラム (月例)
2022 年 5 月 10 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...
Exploring a New Class of Kernel Exploit Primitive
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens
On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...
Congratulations to the Top MSRC 2021 Q4 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q4 Security Researcher Leaderboard are: rezer0dai...
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...
Coordinated disclosure of vulnerability in Azure Container Instances Service
Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances ACI that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundanc...
Announcing the Launch of the Azure SSRF Security Research Challenge
Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery SSRF Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft...
2021 年 8 月のセキュリティ更新プログラム (月例)
2021 年 8 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Point and Print Default Behavior Change
Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changi...
Introducing Bounty Awards for Teams Desktop Client Security Research
Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate...
オンプレミス Exchange Server の脆弱性の調査や修復に対応する方向けのガイダンス
「Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities」の日本語抄訳です。 最近一般に公開さ...
2021 年 3 月のセキュリティ更新プログラム (月例)
2021 年 3 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021
On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to...
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The...
Updates to the Windows Insider Preview Bounty Program
Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The...
2020 年 7 月のセキュリティ更新プログラム (月例)
2020 年 7 月 15 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
2020 年 6 月のセキュリティ更新プログラム (月例)
2020 年 6 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
[サイバーセキュリティ月間2020] 製品のサポートが終了したらどうなるの?
2020 年 1 月に、広く利用されてきた Windows 7, Windows Server 2008/2008R2 のサポートが終了して既に数か月が過ぎました。サポートが終了す...