1366 matches found
March 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
January 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
未更新のシステム脆弱性を狙う WannaCrypt ランサムウェア
本記事は、Windows Security のブログ “WannaCrypt ransomware worm targets out-of-date systems” 2017 年 5 月 12 日 米国時間...
Windows Defender Advanced Threat Protection の機械学習: 未知の侵入アクティビティの検出
本記事は、Windows Security のブログ “Windows Defender ATP machine learning: Detecting new and unusual breach activity” 2017 年 8 月 3 日 米...
Windows Defender Exploit Guard: 攻撃表面を縮小して次世代型マルウェアに対抗する
本記事は、Windows Security のブログ “Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware” 2017 年 10 月 23 日 米国...
September 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
September 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Announcing the BlueHat v17 Schedule
September is here! The dash from the close of the call for papers to now has been amazing. We had nearly two hundred submissions spanning the gamut of security topics and presenters. The result is a solid schedule that will challenge and educate all attendees. On behalf of the content advisory...
June 2017 security update release
Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of...
BlueHat v17 Call for Papers Opens
Calling security professionals and enthusiasts throughout the world. Microsoft is pleased to open the Call for Papers for our BlueHat v17 Security Conference. Potential speakers have from June 1st through August 18th to submit abstract proposals for this unique opportunity. As in past events, we...
ランサムウェア WannaCrypt 攻撃に関するお客様ガイダンス
概要 概要 2017 年 5 月 12 日 米国時間 より、マイクロソフトは、イギリスを始めとする複数の国の医療機関やその...
Bountycraft at Nullcon 2017
Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...
Bountycraft at Nullcon 2017
Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...
Protecting customers and evaluating risk
Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already...
April 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
Announcing the new Bug Bounty Program for Office Insider Builds on Windows
We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our...
Microsoft BlueHat v17 Dates Announced - Update 4/3/2017
Update - The Call For Papers CFP for BlueHat v17 will be held from 6/1/2017 - 8/18/2017. We will be setting up a submissions portal for web based submissions of papers. The portal will be live on 6/1/2017. Please do not send submissions to [email protected]. Microsoft is pleased to announce...
Announcing the new Bug Bounty Program for Office Insider Builds on Windows
We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our...
SHA-1 Collisions Research
Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm called “SHAttered”. This is a significant step toward understanding this type of security issue, a...
Adobe Flash Player の脆弱性を修正するセキュリティ更新プログラムを定例外で公開
本日、セキュリティ情報 MS17-005「Adobe Flash Player のセキュリティ更新プログラム」を公開しました。...
Adobe Flash Player security vulnerability release
Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about these updates can be found on the Security Update Guide. MSRC team...
2017 年 2 月のセキュリティ更新プログラム リリース
本記事は、MSRC のブログ “February 2017 security update release” 2017 年 2 月 14 日 米国時間公開 を翻訳し...
January 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
November 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
BlueHat IL 2017 Announced
Microsoft is thrilled to announce BlueHat IL 2017. This will mark the first time BlueHat is held in Tel Aviv and it will take place on January 24-25, 2017. Given its location, Israel further serves as a harness which draws in researchers from across Europe, Asia and the Middle East...
Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp
I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit https://aka.ms/BugBounty. We are raising the Bounty for Defense maximum from $50,000 USD...
EMET 5.2 is available (update)
Today, we’re releasing the Enhanced Mitigation Experience Toolkit EMET 5.2, which includes increased security protections to improve your security posture. You can download EMET 5.2 from microsoft.com/emet or directly from here. Following is the list of the main changes and improvements: Control...
EMET 5.1 is available
Today, we’re releasing the Enhanced Mitigation Experience Toolkit EMET 5.1 which will continue to improve your security posture by providing increased application compatibility and hardened mitigations. You can download EMET 5.1 from microsoft.com/emet or directly from here. Following is the list...
Advance Notification Service for the October 2014 Security Bulletin Release
Today, we provide advance notification for the release of nine Security Bulletins. Three of these updates are rated Critical, five are rated as Important, and one is rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, .NET Framework, and ASP.NET. As per...
July 2014 Security Bulletin Webcast and Q&A
Today we published the July 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered eight questions on air, with the majority focusing on the update for Internet Explorer. The transcript also includes a question we did not have time to answer on the ai...
June 2014 Security Bulletin Webcast and Q&A
Today we published the June 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered six questions on air, with the majority focusing on the updates for TCP and Internet Explorer. The transcript also includes a question we did not have time to answer on...
Assessing risk for the June 2014 security updates
Today we released seven security bulletins addressing 66 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your...
An Overview of KB2871997
An Overview of KB2871997 Microsoft recently released KB2871997 for Windows 7, Windows 8, Windows Server 2008R2, and Windows Server 2012. This blog will give an overview of the feature changes, their impact, and some important configuration changes that can be made in conjunction with the update t...
Continuing with Our Community Driven, Customer Focused Approach for EMET
The Enhanced Mitigation Experience Toolkit, best known as EMET, helps raise the bar against attackers gaining access to computer systems. Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Feedback both in...
The March 2014 Security Updates
This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While that...
February 2014 Security Bulletin Webcast and Q&A
Today we published the February 2014 Security Bulletin Webcast Questions & Answers page. We answered seven questions on air, with the majority of questions focusing on the MSXML bulletin MS14-005 and the revision to Security Advisory 2915720. One question that was not answered on air has been...
Advance Notification Service for December 2013 Security Bulletin Release
Today we’re providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly...
Assessing risk for the November 2013 security updates
Today we released eight security bulletins addressing 19 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive
Those who know me personally or follow me on Twitter are familiar with my obsession with karaoke. I do it as often as I can rope people into going with me, never forcing anyone to sing, though invariably everyone does – or at least sings from the sidelines to the songs they know...
Introduction: Chris Betz, new head of MSRC
By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center MSRC. I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing. Since joining the MSRC, I’ve spent time...
Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques!
Congratulations to James Forshaw for coming up with a new exploitation technique to get our first ever $100,000 bounty. A security vulnerability researcher with Context Information Security, James already came in hot with design level bugs he found during the IE11 Preview Bug Bounty, and we’re...
Doors Open for New Bounty Programs
As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering from now until July 26 bounties of up to $11,000 for critical security...
Java: A Fix it for when you cannot let go
There is much to say about the use of Java in both consumer and enterprise environments. Like any other platforms, it has both devoted supporters and fervent critics. But for most, Java is a requirement, a means to an end. In the past few years, Java as a platform has been the target of numerous...
From points to payouts: The evolution of the Microsoft security researcher leaderboard
The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...
“The bugs pick you”: Inside Wouter’s security research journey
If you ask Wouter when his security journey began, he’ll take you back to a childhood in the Netherlands, tinkering with the 8086 PC his parents brought home when he was five or six. That early curiosity, fueled by racing games, trial-and-error exploration, and a tendency to pull things apart jus...
BlueHat Asia 2025: Closing soon: Submit your papers by September 14, 2025
The next chapter of the Microsoft Security Response Center’s MSRC BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 14, 2025. Now in it...
Microsoft Bounty Program year in review: $17 million in rewards
We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...
New MSRC Blog Site
We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...
A Ride on the Wild Side with Hacking Heavyweight Sick Codes
Beverage of Choice: Krating Daeng Thai Red Bull Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies Present & Past: Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently...
セキュリティ更新プログラムの通知・配信の改善 – 新しい配信方法について
本ブログは、Improvements in Security Update Notifications Delivery – And a New Delivery Method の抄訳版です。最新の情報は原文を参照してく...