1366 matches found
2018 年 4 月のセキュリティ更新プログラム (月例)
2018 年 4 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Inside the MSRC– The Monthly Security Update Releases
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
Inside the MSRC – How we recognize our researchers
This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center MSRC business and how we work with security researchers and vulnerability reports. The Microsoft Security Response Center actively recognizes those security researchers who help us to...
January 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出
本記事は、Windows Security のブログ “Detecting reflective DLL loading with Windows Defender ATP” 2017 年 11 月 13 日 米国時間公開...
Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する
本記事は、Windows Security のブログ “Hardening the system and maintaining integrity with Windows Defender System Guard” 2017 年 10 月 23 日 米国...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center MSRC receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...
Extending the Microsoft Office Bounty Program
Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...
Extending the Microsoft Office Bounty Program
Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...
Moving Beyond EMET II – Windows Defender Exploit Guard
Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 see Moving Beyond EMET, we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the upcoming EMET end of life. Based on that feedback, we are excited to share...
August 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Windows に関する報奨金プログラムの発表
本記事は、Microsoft Security Response Center のブログ “Announcing the Windows Bounty Program” 2017 年 7 月 26 日 米...
Tales from the MSRC: from pixels to POC
Is this thing still on? It’s been a while since we’ve posted to this blog and we think it’s time to start posting deep technical content about Security Research & Defense SRD again. For readers who are new or may have forgotten, this blog is the home of the MSRC Vulnerabilities & Mitigations...
June 2017 security update release
Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of...
Advanced Threat Analytics プレイブックを使って攻撃をシミュレーションし検出する方法
本記事は、Microsoft Advanced Threat Analytics Team のブログ “How to simulate and detect attacks with the Advanced Threat Analytics Playbook” 2017 年 2 月 23...
February 2017 security update release
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some custome...
EMET 5.52 update is now available
EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit EMET and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI...
Microsoft Bounty Programs Expansion – Azure and Project Spartan
Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...
January 2015 Updates
Today, as part of Update Tuesday, we released eight security updates– one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures CVEs in Microsoft Windows. We encourage you to apply all of these updates. For more information about this...
November 2014 Updates
Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...
Advance Notification Service for the November 2014 Security Bulletin Release
Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries
It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...
Security and policy surrounding bring your own devices (BYOD)
As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device BYOD revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savin...
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1
In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’re releasing a ne...
Advance Notification Service for October 2013 Security Bulletin Release
Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update...
Heart of Blue Gold – Announcing New Bounty Programs
Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of...
A few more days before EMET 4
On May 8th, we announced that EMET 4 would have been released today, May 28th. Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more day...
A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure
In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...
Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...
Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards
Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...
Rising star: Meet Dylan, MSRC’s youngest security researcher
At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center MSRC. His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security...
Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...
Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry
Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user's session within the compromis...
サイバーセキュリティ月間 2023
政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ...
Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People
As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...
Microsoft Storage Location における構成の誤りに関する調査
本ブログは、Investigation Regarding Misconfigured Microsoft Storage Locationの抄訳版です。最新の情報は原文を参照し...
潜在的な Service Fabric Explorer (SFX) v1 Web クライアント リスクに関する認識とガイダンス
本ブログは、Awareness and guidance related to potential Service Fabric Explorer SFX v1 web client riskの抄訳版です。最新の情報は原文を参照し...
Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez
When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...
Security Update Guide Notification System News: Create your profile now
Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...
Microsoft Office to publish symbols starting August 2022
We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...
Microsoft Mitigates Azure Site Recovery Vulnerabilities
Summary Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in th...
Service Fabric におけるLinux 上のコンテナ化されたワークロードからの特権昇格について
本ブログは、 Service Fabric Privilege Escalation from Containerized Workloads on Linux の抄訳版です。最新の情報は原文を参照してください。 協調的な脆弱性の公開...
Anatomy of a Security Update
The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...
Increasing Representation of Women in Security Research
Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Womens History Month we intentionally sought opportunities to engage with women...
[IT 管理者むけ] Active Directoryのセキュリティ強化への対応をご確認ください
2021 年 11 月以降のセキュリティ更新プログラムには、脆弱性を解決するために、Active Directory における 4 件のセ...
2021 年 11 月のセキュリティ更新プログラム (月例)
2021 年 11 月 10 日 日本時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature
On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key. We mitigated the vulnerability immediately. Our...
Announcing the Launch of the Azure SSRF Security Research Challenge
Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery SSRF Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft...
2021 年 8 月のセキュリティ更新プログラム (月例)
2021 年 8 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Point and Print Default Behavior Change
Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changi...