1366 matches found
Increasing Representation of Women in Security Research
Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Women's History Month we intentionally sought opportunities to engage with wome...
Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help
“There are few jobs where I can say, I make two billion people more secure on the internet every single day.” Childhood Look: Goth kid, all in black Current Look: Cyber Viking Childhood hobby: Head banging to Metallica, Marilyn Manson, and Guns N’ Roses Current hobby: n0x08 DJ’s Live events aroun...
Expanding the Microsoft Researcher Recognition Program
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...
2022 年 1 月のセキュリティ更新プログラム (月例)
2022 年 1 月 11 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
We’re Excited to Announce the Launch of Comms Hub!
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...
セキュリティイベント CODE BLUE でお会いしましょう
より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに...
Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature
On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customers resources by using the accounts primary read-write key. We mitigated the vulnerability immediately. Our...
Point and Print の既定動作の変更
本記事は「Point and Print Default Behavior Change」の日本語抄訳です。 "PrintNightmare" と総称されるいくつかの脆弱性を調査した...
Investigating and Mitigating Malicious Drivers
The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to...
マイクロソフト脆弱性報告窓口 ガイド (日本語)
マイクロソフトでは、より安全・安心な製品・サービスを提供するため、脆弱性報告窓口および報告者に対する...
2021 年 6 月のセキュリティ更新プログラム (月例)
2021 年 6 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
2021 年 4 月のセキュリティ更新プログラム (月例)
2021 年 4 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021
Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously blogged our strong recommendation that customers...
Customer Guidance on Recent Nation-State Cyber Attacks
Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activit...
新しいセキュリティ更新プログラム ガイド (Security Update Guide) を使ってみよう
新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ...
[IT 管理者向け] DNS レコードを管理してサブドメイン テイクオーバーを防ぐ
みなさんは、「サブドメイン テイクオーバー」というセキュリティの問題をご存じですか? サブドメイン テイク...
Security Analysis of CHERI ISA
Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI Capability Hardware Enhanced RISC Instructions, which provides memory protection features against many exploited...
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The...
Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!
We are excited to announce the top contributing researchers for the 2020 Second Quarter Q2! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of...
2020 年 5 月のセキュリティ更新プログラム (月例)
2020 年 5 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
[サイバーセキュリティ月間2020] マイクロソフトセキュリティ関連の問い合わせ先の紹介
セキュリティ管理をしている時やセキュリティのインシデントを調査している時など、マイクロソフトのどこに...
Calling for security research in Azure Sphere, now generally available
Today, Microsoft released Azure Sphere into General Availability GA. Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating...
[サイバーセキュリティ月間2020] マイクロソフト セキュリティパッチのきほん③
マイクロソフトでは、セキュリティ更新プログラムの適用を、よりシンプルに、より効率よくすることで、更新...
January 2020 security updates are available!
We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
BlueHat Seattle videos are online!
Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone...
Calling all breakers & builders: BlueHat Seattle registration is open!
@TODO: Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register. Wait, isnt BlueHat invitation-only? It is…but if we haven’t sent you an invitatio...
September 2019 Security Updates
We have released the September security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
BlueHat Seattle 2019 Call for Papers is Now Open!
2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle! 2 days of hands-on technical training October 22-23, 2019 2 days of conference talks from industry-leading security researchers and cyber...
Acquiring a VHD to Investigate
In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...
Scalable infrastructure for investigations and incident response
Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to th...
Corporate IoT - a path to intrusion
Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable,...
Meet the MSRC at Black Hat 2019
We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog...
BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world
Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueH...
Vulnerability hunting with Semmle QL, part 2
The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center MSRC are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware...
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration
The Microsoft Security Response Center MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research reported to us regularly from the...
セキュリティ インテリジェンス レポート (SIR) 第 24 版公開
2019 年 2 月 28 日 米国時間、マイクロソフトは「マイクロソフト セキュリティ インテリジェンス レポート SIR 第 24...
February 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Microsoft’s Cyber Defense Operations Center shares best practices
Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state o...
December 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
First Steps in Hyper-V Research
Microsoft has put a lot of effort in Hyper-V security. Hyper-V, and the whole virtualization stack, runs at the core of many of our products: cloud computing, Windows Defender Application Guard, and technology built on top of Virtualization Based Security VBS. Because Hyper-V is critical to so mu...
November 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
更新プログラムが正しくインストールされたかを確認する方法 – Windows 10 の場合
本ブログ記事は初級レベルから中級レベルのコンピューター ユーザーを対象にしています。 Windows 8.1 をお使いのお客...
セキュリティ更新プログラム リリース スケジュール (2019 年)
2018 年のリリース スケジュールは「セキュリティ更新プログラム リリース スケジュール 2018 年」をご覧ください。...
Standing behind “MSRC Listens”
Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...
2018 年 10 月 Office 365 で TLS 1.0, 1.1 での接続無効化。 最終確認を!
こんにちは、垣内ゆりかです。 マイクロソフトでは、Transport Layer Security TLS 1.0, 1.1 の利用を廃止し、より安全...
Announcing the BlueHat v18 Schedule
Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat...
Microsoft launches Identity Bounty program
Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our...