Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2025/02/07 8:0 a.m.11 views

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/06/14 7:0 a.m.11 views

Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry

Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user's session within the compromis...

7AI score
Exploits0
MSRC
MSRC
added 2022/10/31 7:0 a.m.11 views

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...

1.9AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.11 views

Microsoft Storage Location における構成の誤りに関する調査

本ブログは、Investigation Regarding Misconfigured Microsoft Storage Locationの抄訳版です。最新の情報は原文を参照し...

1.2AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.11 views

潜在的な Service Fabric Explorer (SFX) v1 Web クライアント リスクに関する認識とガイダンス

本ブログは、Awareness and guidance related to potential Service Fabric Explorer SFX v1 web client riskの抄訳版です。最新の情報は原文を参照し...

2.3AI score
Exploits0
MSRC
MSRC
added 2022/09/07 7:0 a.m.11 views

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...

3.7AI score
Exploits0
MSRC
MSRC
added 2022/08/09 7:0 a.m.11 views

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...

0.9AI score
Exploits0
MSRC
MSRC
added 2022/07/12 7:0 a.m.11 views

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in th...

3.3AI score
Exploits0
MSRC
MSRC
added 2022/05/13 7:0 a.m.11 views

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...

2.8AI score
Exploits0
MSRC
MSRC
added 2022/03/31 7:0 a.m.11 views

Increasing Representation of Women in Security Research

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Womens History Month we intentionally sought opportunities to engage with women...

Exploits0
MSRC
MSRC
added 2021/12/14 8:0 a.m.11 views

[IT 管理者むけ] Active Directoryのセキュリティ強化への対応をご確認ください

2021 年 11 月以降のセキュリティ更新プログラムには、脆弱性を解決するために、Active Directory における 4 件のセ...

1.3AI score
Exploits0
MSRC
MSRC
added 2021/11/09 8:0 a.m.11 views

2021 年 11 月のセキュリティ更新プログラム (月例)

2021 年 11 月 10 日 日本時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/08/27 7:0 a.m.11 views

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key. We mitigated the vulnerability immediately. Our...

7.5AI score
Exploits0
MSRC
MSRC
added 2021/08/19 7:0 a.m.11 views

Announcing the Launch of the Azure SSRF Security Research Challenge

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery SSRF Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft...

1.1AI score
Exploits0
MSRC
MSRC
added 2021/08/10 7:0 a.m.11 views

Point and Print Default Behavior Change

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changi...

7.1AI score
Exploits0
MSRC
MSRC
added 2021/03/07 8:0 a.m.11 views

Exchange Server の脆弱性の緩和策

「Microsoft Exchange Server Vulnerabilities Mitigations – March 2021」の日本語抄訳です。 マイクロソフトは先週公開したブログにて、...

2AI score
Exploits0
MSRC
MSRC
added 2021/01/12 8:0 a.m.11 views

2021 年 1 月のセキュリティ更新プログラム (月例)

2021 年 1 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/12/31 8:0 a.m.11 views

Microsoft Internal Solorigate Investigation Update

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want ...

2.8AI score
Exploits0
MSRC
MSRC
added 2020/11/09 8:0 a.m.11 views

新しいセキュリティ更新プログラム ガイドでの脆弱性情報の詳細

新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/11/09 8:0 a.m.11 views

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System CVSS. This is a precise method that describes the vulnerability with attributes such as t...

2.8AI score
Exploits0
MSRC
MSRC
added 2020/10/22 7:0 a.m.11 views

Microsoft Digital Defense Report でサイバーセキュリティの動向を知る

2020 年 9 月マイクロソフトは、昨年のサイバーセキュリティの動向を網羅した「Microsoft Digital Defense Repo...

0.9AI score
Exploits0
MSRC
MSRC
added 2020/09/21 7:0 a.m.11 views

New and improved Security Update Guide!

We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or...

6.6AI score
Exploits0
MSRC
MSRC
added 2020/07/24 7:0 a.m.11 views

Updates to the Windows Insider Preview Bounty Program

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/05/05 7:0 a.m.11 views

Azure Sphere Security Research Challenge Now Open

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new researc...

1.2AI score
Exploits0
MSRC
MSRC
added 2020/04/23 7:0 a.m.11 views

Congratulating Our Top 2020 Q1 Security Researchers!

Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter Q1 Security Researcher Leaderboard, listing our top contributing researchers for the last...

2.4AI score
Exploits0
MSRC
MSRC
added 2020/03/10 7:0 a.m.11 views

March 2020 security updates are available

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

3.1AI score
Exploits0
MSRC
MSRC
added 2020/02/25 8:0 a.m.11 views

[サイバーセキュリティ月間2020] マイクロソフト セキュリティパッチのきほん④

マイクロソフトでは、毎月第二火曜日を月例のセキュリティ更新日とし、さまざまな製品の脆弱性情報を公開し...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/11/20 8:0 a.m.11 views

Customer Guidance for the Dopplepaymer Ransomware

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP BlueKeep, as ways in which this malware spreads. Our security research teams have investigated and...

1.9AI score
Exploits0
MSRC
MSRC
added 2019/10/16 7:0 a.m.11 views

An intern's experience with Rust

Over the course of my internship at the Microsoft Security Response Center MSRC, I worked on the safe systems programming languages SSPL team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...

7.4AI score
Exploits0
MSRC
MSRC
added 2019/10/08 7:0 a.m.11 views

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language SSPL group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog po...

7AI score
Exploits0
MSRC
MSRC
added 2019/10/08 7:0 a.m.11 views

2019 年 10 月のセキュリティ更新プログラム (月例)

2019 年 10 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/08/05 7:0 a.m.11 views

Corporate IoT - a path to intrusion

Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable,...

6.9AI score
Exploits0
MSRC
MSRC
added 2019/07/25 7:0 a.m.11 views

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)

Today we announce the top organizational candidates for Vulnerability Top Contributors, Threat Indicator Top Submitters, and Zero-Day Top Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through...

2.3AI score
Exploits0
MSRC
MSRC
added 2019/07/17 7:0 a.m.11 views

Announcing the Microsoft Dynamics 365 Bounty program

One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of theDynamics 365 Bounty program and welcome researchers to seek out and disclose any high impact vulnerabilities...

0.9AI score
Exploits0
MSRC
MSRC
added 2019/07/17 7:0 a.m.11 views

Announcing the Microsoft Dynamics 365 Bounty program

One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of theDynamics 365 Bounty program and welcome researchers to seek out and disclose any high impact vulnerabilities...

7AI score
Exploits0
MSRC
MSRC
added 2019/03/12 7:0 a.m.11 views

2019 年 3 月のセキュリティ更新プログラム (月例)

2019 年 3 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/01/23 8:0 a.m.11 views

Microsoft’s Cyber Defense Operations Center shares best practices

Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state o...

2.4AI score
Exploits0
MSRC
MSRC
added 2018/11/13 8:0 a.m.11 views

November 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

3AI score
Exploits0
MSRC
MSRC
added 2018/11/12 8:0 a.m.11 views

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

6.8AI score
Exploits0
MSRC
MSRC
added 2018/10/25 7:0 a.m.11 views

更新プログラムが正しくインストールされたかを確認する方法 – Windows 10 の場合

本ブログ記事は初級レベルから中級レベルのコンピューター ユーザーを対象にしています。 Windows 8.1 をお使いのお客...

1.8AI score
Exploits0
MSRC
MSRC
added 2018/10/23 7:0 a.m.11 views

セキュリティ更新プログラム リリース スケジュール (2019 年)

2018 年のリリース スケジュールは「セキュリティ更新プログラム リリース スケジュール 2018 年」をご覧ください。...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/09/12 7:0 a.m.11 views

[セキュリティ基本対策 5 か条] 第 1 条 最新の状態で利用する

注: この内容は一般の方を対象とした記述にしています。 今日はセキュリティ基本対策 5 か条の第 1 条「最新の...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/08/30 7:0 a.m.11 views

2018 年 10 月 Office 365 で TLS 1.0, 1.1 での接続無効化。 最終確認を!

こんにちは、垣内ゆりかです。 マイクロソフトでは、Transport Layer Security TLS 1.0, 1.1 の利用を廃止し、より安全...

0.9AI score
Exploits0
MSRC
MSRC
added 2018/08/01 7:0 a.m.11 views

The Making of the Top 100 Researcher List

At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center MSRC. We appreciate all the partnership and coordinati...

1.3AI score
Exploits0
MSRC
MSRC
added 2018/07/10 7:0 a.m.11 views

2018 年 7 月のセキュリティ更新プログラム (月例)

2018 年 7 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/04/20 7:0 a.m.11 views

Recognizing Q3 Top 5 Bounty Hunters

Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft...

6.8AI score
Exploits0
MSRC
MSRC
added 2018/04/10 7:0 a.m.11 views

April 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

2.6AI score
Exploits0
MSRC
MSRC
added 2018/03/13 7:0 a.m.11 views

March 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

2.5AI score
Exploits0
MSRC
MSRC
added 2018/01/09 8:0 a.m.11 views

January 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

7AI score
Exploits0
MSRC
MSRC
added 2017/12/25 8:0 a.m.11 views

未更新のシステム脆弱性を狙う WannaCrypt ランサムウェア

本記事は、Windows Security のブログ “WannaCrypt ransomware worm targets out-of-date systems” 2017 年 5 月 12 日 米国時間...

1.2AI score
Exploits0
Total number of security vulnerabilities1366