Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2017/09/15 7:0 a.m.13 views

Extending the Microsoft Office Bounty Program

Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...

2.5AI score
Exploits0
MSRC
MSRC
added 2017/07/26 7:0 a.m.13 views

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

1.3AI score
Exploits0
MSRC
MSRC
added 2017/06/28 7:0 a.m.13 views

Petya マルウェア攻撃に関する最新情報

本記事は、Microsoft Security Response Center のブログ “Update on Petya malware attacks” 2017 年 6 月 28 日 米国時間公...

1.5AI score
Exploits0
MSRC
MSRC
added 2017/06/13 7:0 a.m.13 views

June 2017 security update release

Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of...

1AI score
Exploits0
MSRC
MSRC
added 2017/05/09 7:0 a.m.13 views

Coming together to address Encapsulated PostScript (EPS) attacks

Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the...

1.7AI score
Exploits0
MSRC
MSRC
added 2016/05/10 7:0 a.m.13 views

May 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
MSRC
MSRC
added 2016/04/29 7:0 a.m.13 views

Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty

Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...

6.9AI score
Exploits0
MSRC
MSRC
added 2016/01/12 8:0 a.m.13 views

January 2016 Security Update Release Summary

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/11/10 8:0 a.m.13 views

November 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/04/22 7:0 a.m.13 views

Microsoft Bounty Programs Expansion – Azure and Project Spartan

Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...

7.2AI score
Exploits0
MSRC
MSRC
added 2014/09/04 7:0 a.m.13 views

Advance Notification Service for the September 2014 Security Bulletin Release

Today, we provide advance notification for the release of four Security Bulletins. One of these updates is rated Critical and three are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer, .NET Framework and Lync. As a reminder, we are now using a new format...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/06/17 7:0 a.m.13 views

EMET 4.0 now available for download

We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit , best known as EMET, is now finally available for download. You can download it from http://www.microsoft.com/en-us/download/details.aspx?id=39273. We already mentioned some of the new...

7AI score
Exploits0
MSRC
MSRC
added 2013/05/28 7:0 a.m.14 views

A few more days before EMET 4

On May 8th, we announced that EMET 4 would have been released today, May 28th. Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more day...

7AI score
Exploits0
MSRC
MSRC
added 2026/05/27 12:0 a.m.12 views

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...

5.8AI score
Exploits0
MSRC
MSRC
added 2025/01/15 8:0 a.m.12 views

Congratulations to the Top MSRC 2024 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh,...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/03/01 8:0 a.m.12 views

Configuring host-level audit logging for AKS VMSS

This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service AKS Virtual Machine Scale Set VMSS using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post...

6.7AI score
Exploits0
MSRC
MSRC
added 2023/02/06 8:0 a.m.12 views

BlueHat 2023: Connecting the security research community with Microsoft

We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center MSRC, BlueHat is where the security research community, and Microsoft security professionals, come...

1.3AI score
Exploits0
MSRC
MSRC
added 2023/01/31 8:0 a.m.12 views

サイバーセキュリティ月間 2023

政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ...

0.3AI score
Exploits0
MSRC
MSRC
added 2023/01/18 8:0 a.m.12 views

Microsoft は、Azure クラウド サービスにおける 4 つの SSRF の脆弱性を解決しました。

本ブログは、Microsoft resolves four SSRF vulnerabilities in Azure cloud services の抄訳版です。最新の情報は原文を参照してください。 概要...

2AI score
Exploits0
MSRC
MSRC
added 2022/12/02 8:0 a.m.12 views

BlueHat 2023: Applications to Attend NOW OPEN!

We are excited to announce that applications to attend BlueHat 2023 are now open BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be on the Microsoft campus in Redmond, WA, USA, from February 8 – 9, 2023. Hosted by the Microsoft Security Response Center MSRC,...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/11/16 8:0 a.m.12 views

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning ML systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security...

2.8AI score
Exploits0
MSRC
MSRC
added 2022/11/02 7:0 a.m.12 views

マイクロソフト、Jupyter Notebooks for Azure Cosmos DB の脆弱性を修正

本ブログは、Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB の抄訳版です。最新の情報は原文を参照してください。 概...

1.8AI score
Exploits0
MSRC
MSRC
added 2022/10/11 7:0 a.m.12 views

2022 年 10 月 のセキュリティ更新プログラム (月例)

2022 年 10 月 11 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/09/06 7:0 a.m.12 views

What’s the smallest variety of CHERI?

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest...

2.7AI score
Exploits0
MSRC
MSRC
added 2022/08/11 4:0 p.m.12 views

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the...

Exploits0
MSRC
MSRC
added 2022/08/10 7:0 a.m.12 views

セキュリティ更新プログラム ガイドの通知システム : 今すぐプロファイルを作成しましょう

本ブログは、Security Update Guide Notification System News: Create your profile now の抄訳版です。最新の情報は原文を参照してください。 セキ...

1.1AI score
Exploits0
MSRC
MSRC
added 2022/08/10 7:0 a.m.12 views

Microsoft Office、2022年8月からシンボルを公開

本ブログは、Microsoft Office to publish symbols starting August 2022 の抄訳版です。最新の情報は原文を参照してください。 Microsoft Office が...

1.7AI score
Exploits0
MSRC
MSRC
added 2022/07/13 7:0 a.m.12 views

All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...

2AI score
Exploits0
MSRC
MSRC
added 2022/06/30 7:0 a.m.12 views

Service Fabric におけるLinux 上のコンテナ化されたワークロードからの特権昇格について

本ブログは、 Service Fabric Privilege Escalation from Containerized Workloads on Linux の抄訳版です。最新の情報は原文を参照してください。 協調的な脆弱性の公開...

2.9AI score
Exploits0
MSRC
MSRC
added 2022/06/14 7:0 a.m.12 views

2022 年 6 月のセキュリティ更新プログラム (月例)

2022 年 6 月 14 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/05/19 7:0 a.m.12 views

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

7AI score
Exploits0
MSRC
MSRC
added 2022/05/10 7:0 a.m.12 views

2022 年 5 月のセキュリティ更新プログラム (月例)

2022 年 5 月 10 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/04/28 7:0 a.m.12 views

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/03/22 7:0 a.m.12 views

Exploring a New Class of Kernel Exploit Primitive

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...

7AI score
Exploits0
MSRC
MSRC
added 2022/03/07 8:0 a.m.12 views

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...

1.7AI score
Exploits0
MSRC
MSRC
added 2022/02/01 8:0 a.m.12 views

Congratulations to the Top MSRC 2021 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q4 Security Researcher Leaderboard are: rezer0dai...

6.8AI score
Exploits0
MSRC
MSRC
added 2021/10/14 7:0 a.m.12 views

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/09/08 7:0 a.m.12 views

Coordinated disclosure of vulnerability in Azure Container Instances Service

Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances ACI that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundanc...

6.6AI score
Exploits0
MSRC
MSRC
added 2021/08/19 7:0 a.m.12 views

Announcing the Launch of the Azure SSRF Security Research Challenge

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery SSRF Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft...

7.1AI score
Exploits0
MSRC
MSRC
added 2021/08/10 7:0 a.m.12 views

2021 年 8 月のセキュリティ更新プログラム (月例)

2021 年 8 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/08/10 7:0 a.m.12 views

Point and Print Default Behavior Change

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changi...

3AI score
Exploits0
MSRC
MSRC
added 2021/03/24 7:0 a.m.12 views

Introducing Bounty Awards for Teams Desktop Client Security Research

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate...

1.2AI score
Exploits0
MSRC
MSRC
added 2021/03/18 7:0 a.m.12 views

オンプレミス Exchange Server の脆弱性の調査や修復に対応する方向けのガイダンス

「Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities」の日本語抄訳です。 最近一般に公開さ...

3.1AI score
Exploits0
MSRC
MSRC
added 2021/03/09 8:0 a.m.12 views

2021 年 3 月のセキュリティ更新プログラム (月例)

2021 年 3 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/03/02 8:0 a.m.12 views

On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021

On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to...

3.8AI score
Exploits0
MSRC
MSRC
added 2020/08/04 7:0 a.m.12 views

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The...

7AI score
Exploits0
MSRC
MSRC
added 2020/07/24 7:0 a.m.12 views

Updates to the Windows Insider Preview Bounty Program

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The...

1.4AI score
Exploits0
MSRC
MSRC
added 2020/07/14 7:0 a.m.12 views

2020 年 7 月のセキュリティ更新プログラム (月例)

2020 年 7 月 15 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/06/09 7:0 a.m.12 views

2020 年 6 月のセキュリティ更新プログラム (月例)

2020 年 6 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/03/17 7:0 a.m.12 views

[サイバーセキュリティ月間2020] 製品のサポートが終了したらどうなるの?

2020 年 1 月に、広く利用されてきた Windows 7, Windows Server 2008/2008R2 のサポートが終了して既に数か月が過ぎました。サポートが終了す...

1.9AI score
Exploits0
Total number of security vulnerabilities1366