Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2018/04/10 7:0 a.m.12 views

2018 年 4 月のセキュリティ更新プログラム (月例)

2018 年 4 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/02/14 8:0 a.m.12 views

Inside the MSRC– The Monthly Security Update Releases

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...

0.9AI score
Exploits0
MSRC
MSRC
added 2018/02/02 8:0 a.m.12 views

Inside the MSRC – How we recognize our researchers

This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center MSRC business and how we work with security researchers and vulnerability reports. The Microsoft Security Response Center actively recognizes those security researchers who help us to...

1AI score
Exploits0
MSRC
MSRC
added 2018/01/09 8:0 a.m.12 views

January 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

2.6AI score
Exploits0
MSRC
MSRC
added 2017/12/25 8:0 a.m.12 views

Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出

本記事は、Windows Security のブログ “Detecting reflective DLL loading with Windows Defender ATP” 2017 年 11 月 13 日 米国時間公開...

1.9AI score
Exploits0
MSRC
MSRC
added 2017/11/20 8:0 a.m.12 views

Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する

本記事は、Windows Security のブログ “Hardening the system and maintaining integrity with Windows Defender System Guard” 2017 年 10 月 23 日 米国...

1.5AI score
Exploits0
MSRC
MSRC
added 2017/10/03 7:0 a.m.12 views

VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues

The Microsoft Security Response Center MSRC receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...

1.9AI score
Exploits0
MSRC
MSRC
added 2017/09/15 10:10 p.m.12 views

Extending the Microsoft Office Bounty Program

Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...

7.2AI score
Exploits0
MSRC
MSRC
added 2017/09/15 7:0 a.m.12 views

Extending the Microsoft Office Bounty Program

Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...

2.5AI score
Exploits0
MSRC
MSRC
added 2017/08/09 7:0 a.m.12 views

Moving Beyond EMET II – Windows Defender Exploit Guard

Since we last wrote about the future of EMET and how it relates to Windows 10 back in November 2016 see Moving Beyond EMET, we have received lots of invaluable feedback from EMET customers and enthusiasts regarding the upcoming EMET end of life. Based on that feedback, we are excited to share...

4.2AI score
Exploits0
MSRC
MSRC
added 2017/08/08 5:2 p.m.12 views

August 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/08/07 7:0 a.m.12 views

Windows に関する報奨金プログラムの発表

本記事は、Microsoft Security Response Center のブログ “Announcing the Windows Bounty Program” 2017 年 7 月 26 日 米...

1.5AI score
Exploits0
MSRC
MSRC
added 2017/06/20 7:0 a.m.12 views

Tales from the MSRC: from pixels to POC

Is this thing still on? It’s been a while since we’ve posted to this blog and we think it’s time to start posting deep technical content about Security Research & Defense SRD again. For readers who are new or may have forgotten, this blog is the home of the MSRC Vulnerabilities & Mitigations...

2AI score
Exploits0
MSRC
MSRC
added 2017/06/13 7:0 a.m.12 views

June 2017 security update release

Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of...

1AI score
Exploits0
MSRC
MSRC
added 2017/04/03 7:0 a.m.12 views

Advanced Threat Analytics プレイブックを使って攻撃をシミュレーションし検出する方法

本記事は、Microsoft Advanced Threat Analytics Team のブログ “How to simulate and detect attacks with the Advanced Threat Analytics Playbook” 2017 年 2 月 23...

2.2AI score
Exploits0
MSRC
MSRC
added 2017/02/14 8:0 a.m.12 views

February 2017 security update release

UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some custome...

1.8AI score
Exploits0
MSRC
MSRC
added 2017/01/12 8:0 a.m.12 views

EMET 5.52 update is now available

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit EMET and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/04/22 7:0 a.m.12 views

Microsoft Bounty Programs Expansion – Azure and Project Spartan

Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...

7.2AI score
Exploits0
MSRC
MSRC
added 2015/01/13 8:0 a.m.12 views

January 2015 Updates

Today, as part of Update Tuesday, we released eight security updates– one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures CVEs in Microsoft Windows. We encourage you to apply all of these updates. For more information about this...

6.7AI score
Exploits0
MSRC
MSRC
added 2014/11/11 8:0 a.m.12 views

November 2014 Updates

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...

7AI score
Exploits0
MSRC
MSRC
added 2014/11/06 8:0 a.m.12 views

Advance Notification Service for the November 2014 Security Bulletin Release

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...

7.1AI score
Exploits0
MSRC
MSRC
added 2014/04/02 7:0 a.m.12 views

The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/11/26 8:0 a.m.12 views

Security and policy surrounding bring your own devices (BYOD)

As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device BYOD revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savin...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/11/12 8:0 a.m.12 views

Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1

In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’re releasing a ne...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/10/02 7:0 a.m.12 views

Advance Notification Service for October 2013 Security Bulletin Release

Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/06/19 7:0 a.m.12 views

Heart of Blue Gold – Announcing New Bounty Programs

Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/05/28 7:0 a.m.13 views

A few more days before EMET 4

On May 8th, we announced that EMET 4 would have been released today, May 28th. Since that day, we had additional feedback and we are working on a few things that are requiring a little bit more time than expected. This considered, we are not releasing EMET 4 today, and we will take a few more day...

7AI score
Exploits0
MSRC
MSRC
added 2026/05/27 12:0 a.m.11 views

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...

5.8AI score
Exploits0
MSRC
MSRC
added 2025/10/28 12:0 a.m.11 views

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...

9.9CVSS6.9AI score0.66258EPSS
Exploits5
MSRC
MSRC
added 2025/08/04 7:0 a.m.11 views

Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...

7.4AI score
Exploits0
MSRC
MSRC
added 2025/07/01 7:0 a.m.11 views

Rising star: Meet Dylan, MSRC’s youngest security researcher

At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center MSRC. His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/02/07 8:0 a.m.11 views

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/06/14 7:0 a.m.11 views

Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry

Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user's session within the compromis...

7AI score
Exploits0
MSRC
MSRC
added 2023/01/31 8:0 a.m.11 views

サイバーセキュリティ月間 2023

政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/10/31 7:0 a.m.11 views

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...

1.9AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.11 views

Microsoft Storage Location における構成の誤りに関する調査

本ブログは、Investigation Regarding Misconfigured Microsoft Storage Locationの抄訳版です。最新の情報は原文を参照し...

1.2AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.11 views

潜在的な Service Fabric Explorer (SFX) v1 Web クライアント リスクに関する認識とガイダンス

本ブログは、Awareness and guidance related to potential Service Fabric Explorer SFX v1 web client riskの抄訳版です。最新の情報は原文を参照し...

2.3AI score
Exploits0
MSRC
MSRC
added 2022/09/07 7:0 a.m.11 views

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...

3.7AI score
Exploits0
MSRC
MSRC
added 2022/08/09 7:0 a.m.11 views

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...

0.9AI score
Exploits0
MSRC
MSRC
added 2022/08/08 7:0 a.m.11 views

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...

3.2AI score
Exploits0
MSRC
MSRC
added 2022/07/12 7:0 a.m.11 views

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in th...

3.3AI score
Exploits0
MSRC
MSRC
added 2022/06/30 7:0 a.m.11 views

Service Fabric におけるLinux 上のコンテナ化されたワークロードからの特権昇格について

本ブログは、 Service Fabric Privilege Escalation from Containerized Workloads on Linux の抄訳版です。最新の情報は原文を参照してください。 協調的な脆弱性の公開...

2.9AI score
Exploits0
MSRC
MSRC
added 2022/05/13 7:0 a.m.11 views

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...

2.8AI score
Exploits0
MSRC
MSRC
added 2022/03/31 7:0 a.m.11 views

Increasing Representation of Women in Security Research

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Womens History Month we intentionally sought opportunities to engage with women...

Exploits0
MSRC
MSRC
added 2021/12/14 8:0 a.m.11 views

[IT 管理者むけ] Active Directoryのセキュリティ強化への対応をご確認ください

2021 年 11 月以降のセキュリティ更新プログラムには、脆弱性を解決するために、Active Directory における 4 件のセ...

1.3AI score
Exploits0
MSRC
MSRC
added 2021/11/09 8:0 a.m.11 views

2021 年 11 月のセキュリティ更新プログラム (月例)

2021 年 11 月 10 日 日本時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/08/27 7:0 a.m.11 views

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key. We mitigated the vulnerability immediately. Our...

7.5AI score
Exploits0
MSRC
MSRC
added 2021/08/19 7:0 a.m.11 views

Announcing the Launch of the Azure SSRF Security Research Challenge

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery SSRF Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft...

1.1AI score
Exploits0
MSRC
MSRC
added 2021/08/10 7:0 a.m.11 views

2021 年 8 月のセキュリティ更新プログラム (月例)

2021 年 8 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/08/10 7:0 a.m.11 views

Point and Print Default Behavior Change

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changi...

7.1AI score
Exploits0
Total number of security vulnerabilities1366