Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2022/03/31 7:0 a.m.10 views

Increasing Representation of Women in Security Research

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Women's History Month we intentionally sought opportunities to engage with wome...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/02/11 8:0 a.m.10 views

Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help

“There are few jobs where I can say, I make two billion people more secure on the internet every single day.” Childhood Look: Goth kid, all in black Current Look: Cyber Viking Childhood hobby: Head banging to Metallica, Marilyn Manson, and Guns N’ Roses Current hobby: n0x08 DJ’s Live events aroun...

7AI score
Exploits0
MSRC
MSRC
added 2022/02/01 8:0 a.m.10 views

Expanding the Microsoft Researcher Recognition Program

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...

1.2AI score
Exploits0
MSRC
MSRC
added 2022/01/11 8:0 a.m.10 views

2022 年 1 月のセキュリティ更新プログラム (月例)

2022 年 1 月 11 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/10/25 7:0 a.m.10 views

We’re Excited to Announce the Launch of Comms Hub!

We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...

2.2AI score
Exploits0
MSRC
MSRC
added 2021/10/14 7:0 a.m.10 views

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...

1.3AI score
Exploits0
MSRC
MSRC
added 2021/10/06 7:0 a.m.10 views

セキュリティイベント CODE BLUE でお会いしましょう

より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに...

0.5AI score
Exploits0
MSRC
MSRC
added 2021/08/27 7:0 a.m.10 views

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customers resources by using the accounts primary read-write key. We mitigated the vulnerability immediately. Our...

2.7AI score
Exploits0
MSRC
MSRC
added 2021/08/10 7:0 a.m.10 views

Point and Print の既定動作の変更

本記事は「Point and Print Default Behavior Change」の日本語抄訳です。 "PrintNightmare" と総称されるいくつかの脆弱性を調査した...

1.6AI score
Exploits0
MSRC
MSRC
added 2021/06/25 7:0 a.m.10 views

Investigating and Mitigating Malicious Drivers

The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to...

1.9AI score
Exploits0
MSRC
MSRC
added 2021/06/17 7:0 a.m.10 views

マイクロソフト脆弱性報告窓口 ガイド (日本語)

マイクロソフトでは、より安全・安心な製品・サービスを提供するため、脆弱性報告窓口および報告者に対する...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/06/08 7:0 a.m.10 views

2021 年 6 月のセキュリティ更新プログラム (月例)

2021 年 6 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/04/13 7:0 a.m.10 views

2021 年 4 月のセキュリティ更新プログラム (月例)

2021 年 4 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/03/05 8:0 a.m.10 views

Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021

Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously blogged our strong recommendation that customers...

3.1AI score
Exploits0
MSRC
MSRC
added 2020/12/14 8:0 a.m.10 views

Customer Guidance on Recent Nation-State Cyber Attacks

Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activit...

1.9AI score
Exploits0
MSRC
MSRC
added 2020/12/03 8:0 a.m.10 views

新しいセキュリティ更新プログラム ガイド (Security Update Guide) を使ってみよう

新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ...

0.5AI score
Exploits0
MSRC
MSRC
added 2020/10/27 7:0 a.m.10 views

[IT 管理者向け] DNS レコードを管理してサブドメイン テイクオーバーを防ぐ

みなさんは、「サブドメイン テイクオーバー」というセキュリティの問題をご存じですか? サブドメイン テイク...

0.4AI score
Exploits0
MSRC
MSRC
added 2020/10/14 7:0 a.m.10 views

Security Analysis of CHERI ISA

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI Capability Hardware Enhanced RISC Instructions, which provides memory protection features against many exploited...

1.6AI score
Exploits0
MSRC
MSRC
added 2020/08/04 7:0 a.m.10 views

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The...

2.4AI score
Exploits0
MSRC
MSRC
added 2020/08/03 7:0 a.m.10 views

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...

1.5AI score
Exploits0
MSRC
MSRC
added 2020/07/15 7:0 a.m.10 views

Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!

We are excited to announce the top contributing researchers for the 2020 Second Quarter Q2! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/05/12 7:0 a.m.10 views

2020 年 5 月のセキュリティ更新プログラム (月例)

2020 年 5 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/04/29 7:0 a.m.10 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

2.5AI score
Exploits0
MSRC
MSRC
added 2020/03/02 8:0 a.m.10 views

[サイバーセキュリティ月間2020] マイクロソフトセキュリティ関連の問い合わせ先の紹介

セキュリティ管理をしている時やセキュリティのインシデントを調査している時など、マイクロソフトのどこに...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/02/24 8:0 a.m.10 views

Calling for security research in Azure Sphere, now generally available

Today, Microsoft released Azure Sphere into General Availability GA. Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating...

7AI score
Exploits0
MSRC
MSRC
added 2020/02/18 8:0 a.m.10 views

[サイバーセキュリティ月間2020] マイクロソフト セキュリティパッチのきほん③

マイクロソフトでは、セキュリティ更新プログラムの適用を、よりシンプルに、より効率よくすることで、更新...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/01/14 8:0 a.m.10 views

January 2020 security updates are available!

We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

6.7AI score
Exploits0
MSRC
MSRC
added 2019/11/13 8:0 a.m.10 views

BlueHat Seattle videos are online!

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone...

2.1AI score
Exploits0
MSRC
MSRC
added 2019/09/16 7:0 a.m.10 views

Calling all breakers & builders: BlueHat Seattle registration is open!

@TODO: Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register. Wait, isnt BlueHat invitation-only? It is…but if we haven’t sent you an invitatio...

2.3AI score
Exploits0
MSRC
MSRC
added 2019/09/10 7:0 a.m.10 views

September 2019 Security Updates

We have released the September security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

3.6AI score
Exploits0
MSRC
MSRC
added 2019/09/03 7:0 a.m.10 views

BlueHat Seattle 2019 Call for Papers is Now Open!

2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle! 2 days of hands-on technical training October 22-23, 2019 2 days of conference talks from industry-leading security researchers and cyber...

6.9AI score
Exploits0
MSRC
MSRC
added 2019/09/03 7:0 a.m.10 views

Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...

6.9AI score
Exploits0
MSRC
MSRC
added 2019/08/30 7:0 a.m.10 views

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to th...

1.9AI score
Exploits0
MSRC
MSRC
added 2019/08/05 7:0 a.m.10 views

Corporate IoT - a path to intrusion

Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable,...

6.9AI score
Exploits0
MSRC
MSRC
added 2019/07/29 7:0 a.m.10 views

Meet the MSRC at Black Hat 2019

We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog...

1.5AI score
Exploits0
MSRC
MSRC
added 2019/05/31 7:0 a.m.10 views

BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world

Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueH...

7AI score
Exploits0
MSRC
MSRC
added 2019/03/19 7:0 a.m.10 views

Vulnerability hunting with Semmle QL, part 2

The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center MSRC are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware...

2.8AI score
Exploits0
MSRC
MSRC
added 2019/03/14 7:0 a.m.10 views

Local privilege escalation via the Windows I/O Manager: a variant finding collaboration

The Microsoft Security Response Center MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research reported to us regularly from the...

3.4AI score
Exploits0
MSRC
MSRC
added 2019/03/01 8:0 a.m.10 views

セキュリティ インテリジェンス レポート (SIR) 第 24 版公開

2019 年 2 月 28 日 米国時間、マイクロソフトは「マイクロソフト セキュリティ インテリジェンス レポート SIR 第 24...

0.5AI score
Exploits0
MSRC
MSRC
added 2019/02/12 8:0 a.m.10 views

February 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

3.1AI score
Exploits0
MSRC
MSRC
added 2019/01/23 8:0 a.m.10 views

Microsoft’s Cyber Defense Operations Center shares best practices

Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state o...

6.6AI score
Exploits0
MSRC
MSRC
added 2018/12/11 8:0 a.m.10 views

December 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

3AI score
Exploits0
MSRC
MSRC
added 2018/12/10 8:0 a.m.10 views

First Steps in Hyper-V Research

Microsoft has put a lot of effort in Hyper-V security. Hyper-V, and the whole virtualization stack, runs at the core of many of our products: cloud computing, Windows Defender Application Guard, and technology built on top of Virtualization Based Security VBS. Because Hyper-V is critical to so mu...

7AI score
Exploits0
MSRC
MSRC
added 2018/11/13 8:0 a.m.10 views

November 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

6.7AI score
Exploits0
MSRC
MSRC
added 2018/10/25 7:0 a.m.10 views

更新プログラムが正しくインストールされたかを確認する方法 – Windows 10 の場合

本ブログ記事は初級レベルから中級レベルのコンピューター ユーザーを対象にしています。 Windows 8.1 をお使いのお客...

1.8AI score
Exploits0
MSRC
MSRC
added 2018/10/23 7:0 a.m.10 views

セキュリティ更新プログラム リリース スケジュール (2019 年)

2018 年のリリース スケジュールは「セキュリティ更新プログラム リリース スケジュール 2018 年」をご覧ください。...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/10/02 7:0 a.m.10 views

Standing behind “MSRC Listens”

Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...

1.7AI score
Exploits0
MSRC
MSRC
added 2018/08/30 7:0 a.m.10 views

2018 年 10 月 Office 365 で TLS 1.0, 1.1 での接続無効化。 最終確認を!

こんにちは、垣内ゆりかです。 マイクロソフトでは、Transport Layer Security TLS 1.0, 1.1 の利用を廃止し、より安全...

0.9AI score
Exploits0
MSRC
MSRC
added 2018/08/02 7:0 a.m.10 views

Announcing the BlueHat v18 Schedule

Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat...

0.4AI score
Exploits0
MSRC
MSRC
added 2018/07/17 7:0 a.m.10 views

Microsoft launches Identity Bounty program

Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our...

1.9AI score
Exploits0
Total number of security vulnerabilities1366