1366 matches found
2019 年 11 月のセキュリティ更新プログラム (月例)
2019 年 11 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Using Rust in Windows
This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in...
Introducing the ElectionGuard Bounty program
Today we are launching the ElectionGuard Bounty program. In May 2019, we announced the release of ElectionGuard, a free open-source SDK to make voting more secure, transparent, and accessible. ElectionGuard enables end-to-end verification of elections, open results to third-party organizations fo...
Why Rust for safe systems programming
In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...
We need a safer systems programming language
In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a...
July 2019 Security Update Release
We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...
Inside the MSRC – Customer-centric incident response
The Microsoft Security Response Center MSRC is an integral part of Microsoft’s Cyber Defense Operations Center CDOC that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24x7, the CDOC has...
June 2019 security update release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
May 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Fuzzing para-virtualized devices in Hyper-V
Introduction Introduction Hyper-V is the backbone of Azure, running on its Hosts to provide efficient and fair sharing of resources, but also isolation. That’s why we, in the vulnerability research team for Windows, have been working in the background for years now helping secure Hyper-V. And why...
Recognizing Q4 Top 5 Bounty Hunters
We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies...
EMET サポート終了 – Windows Defender Exploitation Guard へ移行を
こんにちは、垣内ゆりかです。 2009 年にリリースされて以来、最先端の攻撃緩和を追加する無償のツールとして、...
2018 年 6 月のセキュリティ更新プログラム (月例)
2018/6/21 更新: 2 件のセキュリティ アドバイザリ ADV180016 および ADV180010 の情報を追加しました。 -------------- 2018 年 6 月 13 日 日本時間、マ...
BlueHat v18 Announced & Call for Papers Opens
We are back! Microsoft is excited to announce the next installment of the BlueHat Security Conference – BlueHat v18. We will be holding the event at Microsoft’s headquarter campus September 25-27, 2018. This year we are adding the option for workshops and networking on the first day prior to the...
2018 年 4 月のセキュリティ更新プログラム (月例)
2018 年 4 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Inside the MSRC– The Monthly Security Update Releases
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
Inside the MSRC – How we recognize our researchers
This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center MSRC business and how we work with security researchers and vulnerability reports. The Microsoft Security Response Center actively recognizes those security researchers who help us to...
January 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出
本記事は、Windows Security のブログ “Detecting reflective DLL loading with Windows Defender ATP” 2017 年 11 月 13 日 米国時間公開...
Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する
本記事は、Windows Security のブログ “Hardening the system and maintaining integrity with Windows Defender System Guard” 2017 年 10 月 23 日 米国...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center MSRC receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...
Extending the Microsoft Office Bounty Program
Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...
Moving Beyond EMET II – Windows Defender Exploit Guard
Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 see Moving Beyond EMET, we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the upcoming EMET end of life. Based on that feedback, we are excited to share...
August 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Windows に関する報奨金プログラムの発表
本記事は、Microsoft Security Response Center のブログ “Announcing the Windows Bounty Program” 2017 年 7 月 26 日 米...
Tales from the MSRC: from pixels to POC
Is this thing still on? It’s been a while since we’ve posted to this blog and we think it’s time to start posting deep technical content about Security Research & Defense SRD again. For readers who are new or may have forgotten, this blog is the home of the MSRC Vulnerabilities & Mitigations...
Advanced Threat Analytics プレイブックを使って攻撃をシミュレーションし検出する方法
本記事は、Microsoft Advanced Threat Analytics Team のブログ “How to simulate and detect attacks with the Advanced Threat Analytics Playbook” 2017 年 2 月 23...
March 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also...
February 2017 security update release
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some custome...
EMET 5.52 update is now available
EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit EMET and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI...
BlueHat v16 Announced
Microsoft is pleased to announce our sixteenth BlueHat Security Conference set for November 3-4, 2016 at the Microsoft Conference Center here in Redmond. BlueHat is a unique opportunity for Microsoft engineers and the security community to come together learn about the current threat landscape an...
January 2015 Updates
Today, as part of Update Tuesday, we released eight security updates– one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures CVEs in Microsoft Windows. We encourage you to apply all of these updates. For more information about this...
November 2014 Updates
Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...
Advance Notification Service for the November 2014 Security Bulletin Release
Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries
It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...
Security and policy surrounding bring your own devices (BYOD)
As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device BYOD revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savin...
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1
In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’re releasing a ne...
Microsoft Releases Security Advisory 2896666
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asi...
Advance Notification Service for October 2013 Security Bulletin Release
Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update...
Heart of Blue Gold – Announcing New Bounty Programs
Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of...
Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...
Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards
Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...
Rising star: Meet Dylan, MSRC’s youngest security researcher
At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center MSRC. His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security...
RedirectionGuard: Mitigating unsafe junction traversal in Windows
As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In respons...
Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...
Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry
Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user's session within the compromis...
サイバーセキュリティ月間 2023
政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ...
Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People
As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...
Microsoft Storage Location における構成の誤りに関する調査
本ブログは、Investigation Regarding Misconfigured Microsoft Storage Locationの抄訳版です。最新の情報は原文を参照し...
潜在的な Service Fabric Explorer (SFX) v1 Web クライアント リスクに関する認識とガイダンス
本ブログは、Awareness and guidance related to potential Service Fabric Explorer SFX v1 web client riskの抄訳版です。最新の情報は原文を参照し...