Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2019/11/12 8:0 a.m.12 views

2019 年 11 月のセキュリティ更新プログラム (月例)

2019 年 11 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/11/07 8:0 a.m.12 views

Using Rust in Windows

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in...

2.7AI score
Exploits0
MSRC
MSRC
added 2019/10/18 7:0 a.m.12 views

Introducing the ElectionGuard Bounty program

Today we are launching the ElectionGuard Bounty program. In May 2019, we announced the release of ElectionGuard, a free open-source SDK to make voting more secure, transparent, and accessible. ElectionGuard enables end-to-end verification of elections, open results to third-party organizations fo...

3.1AI score
Exploits0
MSRC
MSRC
added 2019/07/22 7:0 a.m.12 views

Why Rust for safe systems programming

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...

7.4AI score
Exploits0
MSRC
MSRC
added 2019/07/18 7:0 a.m.12 views

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a...

2.1AI score
Exploits0
MSRC
MSRC
added 2019/07/09 7:0 a.m.12 views

July 2019 Security Update Release

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

6.7AI score
Exploits0
MSRC
MSRC
added 2019/06/25 7:0 a.m.12 views

Inside the MSRC – Customer-centric incident response

The Microsoft Security Response Center MSRC is an integral part of Microsoft’s Cyber Defense Operations Center CDOC that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24x7, the CDOC has...

0.4AI score
Exploits0
MSRC
MSRC
added 2019/06/11 5:0 p.m.12 views

June 2019 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

2.9AI score
Exploits0
MSRC
MSRC
added 2019/05/14 7:0 a.m.12 views

May 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

3AI score
Exploits0
MSRC
MSRC
added 2019/01/28 8:0 a.m.12 views

Fuzzing para-virtualized devices in Hyper-V

Introduction Introduction Hyper-V is the backbone of Azure, running on its Hosts to provide efficient and fair sharing of resources, but also isolation. That’s why we, in the vulnerability research team for Windows, have been working in the background for years now helping secure Hyper-V. And why...

2.6AI score
Exploits0
MSRC
MSRC
added 2018/07/26 7:0 a.m.12 views

Recognizing Q4 Top 5 Bounty Hunters

We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies...

2.7AI score
Exploits0
MSRC
MSRC
added 2018/07/18 7:0 a.m.12 views

EMET サポート終了 – Windows Defender Exploitation Guard へ移行を

こんにちは、垣内ゆりかです。 2009 年にリリースされて以来、最先端の攻撃緩和を追加する無償のツールとして、...

2.4AI score
Exploits0
MSRC
MSRC
added 2018/06/12 7:0 a.m.12 views

2018 年 6 月のセキュリティ更新プログラム (月例)

2018/6/21 更新: 2 件のセキュリティ アドバイザリ ADV180016 および ADV180010 の情報を追加しました。 -------------- 2018 年 6 月 13 日 日本時間、マ...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/05/04 7:0 a.m.12 views

BlueHat v18 Announced & Call for Papers Opens

We are back! Microsoft is excited to announce the next installment of the BlueHat Security Conference – BlueHat v18. We will be holding the event at Microsoft’s headquarter campus September 25-27, 2018. This year we are adding the option for workshops and networking on the first day prior to the...

1.4AI score
Exploits0
MSRC
MSRC
added 2018/04/10 7:0 a.m.12 views

2018 年 4 月のセキュリティ更新プログラム (月例)

2018 年 4 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/02/14 8:0 a.m.12 views

Inside the MSRC– The Monthly Security Update Releases

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...

0.9AI score
Exploits0
MSRC
MSRC
added 2018/02/02 8:0 a.m.12 views

Inside the MSRC – How we recognize our researchers

This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center MSRC business and how we work with security researchers and vulnerability reports. The Microsoft Security Response Center actively recognizes those security researchers who help us to...

1AI score
Exploits0
MSRC
MSRC
added 2018/01/09 8:0 a.m.12 views

January 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

2.6AI score
Exploits0
MSRC
MSRC
added 2017/12/25 8:0 a.m.12 views

Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出

本記事は、Windows Security のブログ “Detecting reflective DLL loading with Windows Defender ATP” 2017 年 11 月 13 日 米国時間公開...

1.9AI score
Exploits0
MSRC
MSRC
added 2017/11/20 8:0 a.m.12 views

Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する

本記事は、Windows Security のブログ “Hardening the system and maintaining integrity with Windows Defender System Guard” 2017 年 10 月 23 日 米国...

1.5AI score
Exploits0
MSRC
MSRC
added 2017/10/03 7:0 a.m.12 views

VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues

The Microsoft Security Response Center MSRC receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...

1.9AI score
Exploits0
MSRC
MSRC
added 2017/09/15 10:10 p.m.12 views

Extending the Microsoft Office Bounty Program

Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...

7.2AI score
Exploits0
MSRC
MSRC
added 2017/08/09 7:0 a.m.12 views

Moving Beyond EMET II – Windows Defender Exploit Guard

Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 see Moving Beyond EMET, we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the upcoming EMET end of life. Based on that feedback, we are excited to share...

4.2AI score
Exploits0
MSRC
MSRC
added 2017/08/08 5:2 p.m.12 views

August 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/08/07 7:0 a.m.12 views

Windows に関する報奨金プログラムの発表

本記事は、Microsoft Security Response Center のブログ “Announcing the Windows Bounty Program” 2017 年 7 月 26 日 米...

1.5AI score
Exploits0
MSRC
MSRC
added 2017/06/20 7:0 a.m.12 views

Tales from the MSRC: from pixels to POC

Is this thing still on? It’s been a while since we’ve posted to this blog and we think it’s time to start posting deep technical content about Security Research & Defense SRD again. For readers who are new or may have forgotten, this blog is the home of the MSRC Vulnerabilities & Mitigations...

2AI score
Exploits0
MSRC
MSRC
added 2017/04/03 7:0 a.m.12 views

Advanced Threat Analytics プレイブックを使って攻撃をシミュレーションし検出する方法

本記事は、Microsoft Advanced Threat Analytics Team のブログ “How to simulate and detect attacks with the Advanced Threat Analytics Playbook” 2017 年 2 月 23...

2.2AI score
Exploits0
MSRC
MSRC
added 2017/03/14 7:0 a.m.12 views

March 2017 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/02/14 8:0 a.m.12 views

February 2017 security update release

UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some custome...

1.8AI score
Exploits0
MSRC
MSRC
added 2017/01/12 8:0 a.m.12 views

EMET 5.52 update is now available

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit EMET and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI...

6.9AI score
Exploits0
MSRC
MSRC
added 2016/06/01 7:0 a.m.12 views

BlueHat v16 Announced

Microsoft is pleased to announce our sixteenth BlueHat Security Conference set for November 3-4, 2016 at the Microsoft Conference Center here in Redmond. BlueHat is a unique opportunity for Microsoft engineers and the security community to come together learn about the current threat landscape an...

6.8AI score
Exploits0
MSRC
MSRC
added 2015/01/13 8:0 a.m.12 views

January 2015 Updates

Today, as part of Update Tuesday, we released eight security updates– one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures CVEs in Microsoft Windows. We encourage you to apply all of these updates. For more information about this...

6.7AI score
Exploits0
MSRC
MSRC
added 2014/11/11 8:0 a.m.12 views

November 2014 Updates

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...

7AI score
Exploits0
MSRC
MSRC
added 2014/11/06 8:0 a.m.12 views

Advance Notification Service for the November 2014 Security Bulletin Release

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...

7.1AI score
Exploits0
MSRC
MSRC
added 2014/04/02 7:0 a.m.12 views

The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/11/26 8:0 a.m.12 views

Security and policy surrounding bring your own devices (BYOD)

As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device BYOD revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savin...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/11/12 8:0 a.m.12 views

Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1

In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’re releasing a ne...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/11/05 8:0 a.m.12 views

Microsoft Releases Security Advisory 2896666

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asi...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/10/02 7:0 a.m.12 views

Advance Notification Service for October 2013 Security Bulletin Release

Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/06/19 7:0 a.m.12 views

Heart of Blue Gold – Announcing New Bounty Programs

Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/10/28 12:0 a.m.11 views

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...

9.9CVSS6.9AI score0.66258EPSS
Exploits5
MSRC
MSRC
added 2025/08/04 7:0 a.m.11 views

Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...

7.4AI score
Exploits0
MSRC
MSRC
added 2025/07/01 7:0 a.m.11 views

Rising star: Meet Dylan, MSRC’s youngest security researcher

At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center MSRC. His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/06/25 7:0 a.m.11 views

RedirectionGuard: Mitigating unsafe junction traversal in Windows

As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In respons...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/02/07 8:0 a.m.11 views

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/06/14 7:0 a.m.11 views

Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry

Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user's session within the compromis...

7AI score
Exploits0
MSRC
MSRC
added 2023/01/31 8:0 a.m.11 views

サイバーセキュリティ月間 2023

政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/10/31 7:0 a.m.11 views

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...

1.9AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.11 views

Microsoft Storage Location における構成の誤りに関する調査

本ブログは、Investigation Regarding Misconfigured Microsoft Storage Locationの抄訳版です。最新の情報は原文を参照し...

1.2AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.11 views

潜在的な Service Fabric Explorer (SFX) v1 Web クライアント リスクに関する認識とガイダンス

本ブログは、Awareness and guidance related to potential Service Fabric Explorer SFX v1 web client riskの抄訳版です。最新の情報は原文を参照し...

2.3AI score
Exploits0
Total number of security vulnerabilities1366