1365 matches found
マイクロソフト脆弱性報告窓口 ガイド (日本語)
マイクロソフトでは、より安全・安心な製品・サービスを提供するため、脆弱性報告窓口および報告者に対する...
2021 年 6 月のセキュリティ更新プログラム (月例)
2021 年 6 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
2021 年 4 月のセキュリティ更新プログラム (月例)
2021 年 4 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021
Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously blogged our strong recommendation that customers...
A new experience for reporting copyright or trademark infringement on Microsoft Services
The Notice of Copyright or Trademark Infringement Portal has helped protect Microsofts users and customers from intellectual property infringement across online services like Microsoft Azure, Office, Outlook, Skype, Stream, Microsoft News, Sway, Hotmail, NuGet, and Yammer. Microsofts response to...
Customer Guidance on Recent Nation-State Cyber Attacks
Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activit...
新しいセキュリティ更新プログラム ガイド (Security Update Guide) を使ってみよう
新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ...
新しいセキュリティ更新プログラム ガイドでの脆弱性情報の詳細
新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ...
[IT 管理者向け] DNS レコードを管理してサブドメイン テイクオーバーを防ぐ
みなさんは、「サブドメイン テイクオーバー」というセキュリティの問題をご存じですか? サブドメイン テイク...
Microsoft Digital Defense Report でサイバーセキュリティの動向を知る
2020 年 9 月マイクロソフトは、昨年のサイバーセキュリティの動向を網羅した「Microsoft Digital Defense Repo...
Security Analysis of CHERI ISA
Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI Capability Hardware Enhanced RISC Instructions, which provides memory protection features against many exploited...
Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...
Updates to the Windows Insider Preview Bounty Program
Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The...
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!
We are excited to announce the top contributing researchers for the 2020 Second Quarter Q2! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of...
2020 年 5 月のセキュリティ更新プログラム (月例)
2020 年 5 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
[サイバーセキュリティ月間2020] マイクロソフトセキュリティ関連の問い合わせ先の紹介
セキュリティ管理をしている時やセキュリティのインシデントを調査している時など、マイクロソフトのどこに...
[サイバーセキュリティ月間2020] マイクロソフト セキュリティパッチのきほん③
マイクロソフトでは、セキュリティ更新プログラムの適用を、よりシンプルに、より効率よくすることで、更新...
January 2020 security updates are available!
We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
BlueHat Seattle videos are online!
Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone...
September 2019 Security Updates
We have released the September security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
Acquiring a VHD to Investigate
In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...
BlueHat Seattle 2019 Call for Papers is Now Open!
2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle! 2 days of hands-on technical training October 22-23, 2019 2 days of conference talks from industry-leading security researchers and cyber...
Scalable infrastructure for investigations and incident response
Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to th...
Meet the MSRC at Black Hat 2019
We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog...
Why Rust for safe systems programming
In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...
BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world
Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueH...
Vulnerability hunting with Semmle QL, part 2
The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center MSRC are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware...
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration
The Microsoft Security Response Center MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research reported to us regularly from the...
セキュリティ インテリジェンス レポート (SIR) 第 24 版公開
2019 年 2 月 28 日 米国時間、マイクロソフトは「マイクロソフト セキュリティ インテリジェンス レポート SIR 第 24...
February 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Microsoft’s Cyber Defense Operations Center shares best practices
Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state o...
December 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
First Steps in Hyper-V Research
Microsoft has put a lot of effort in Hyper-V security. Hyper-V, and the whole virtualization stack, runs at the core of many of our products: cloud computing, Windows Defender Application Guard, and technology built on top of Virtualization Based Security VBS. Because Hyper-V is critical to so mu...
November 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
更新プログラムが正しくインストールされたかを確認する方法 – Windows 10 の場合
本ブログ記事は初級レベルから中級レベルのコンピューター ユーザーを対象にしています。 Windows 8.1 をお使いのお客...
セキュリティ更新プログラム リリース スケジュール (2019 年)
2018 年のリリース スケジュールは「セキュリティ更新プログラム リリース スケジュール 2018 年」をご覧ください。...
2018 年 10 月 Office 365 で TLS 1.0, 1.1 での接続無効化。 最終確認を!
こんにちは、垣内ゆりかです。 マイクロソフトでは、Transport Layer Security TLS 1.0, 1.1 の利用を廃止し、より安全...
Announcing the BlueHat v18 Schedule
Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat...
Microsoft launches Identity Bounty program
Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our...
2018 年 7 月のセキュリティ更新プログラム (月例)
2018 年 7 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
June 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
BlueHat v18 Announced & Call for Papers Opens
We are back! Microsoft is excited to announce the next installment of the BlueHat Security Conference – BlueHat v18. We will be holding the event at Microsoft’s headquarter campus September 25-27, 2018. This year we are adding the option for workshops and networking on the first day prior to the...
Hyper-V Debugging Symbols Are Publicly Available
The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make...
Recognizing Q3 Top 5 Bounty Hunters
Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft...
2018 年 3 月のセキュリティ更新プログラム (月例)
2018 年 3 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
ラピッド サイバー攻撃の一種、Petya の概要
本記事は、Microsoft Secure ブログ “Overview of Petya, a rapid cyberattack” 2018 年 2 月 5 日 米...
February 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
ソーシャル エンジニアリングによって引き起こされる攻撃を途絶させる方法
本記事は、Microsoft Secure ブログ “How to disrupt attacks caused by social engineering” 2018 年 1 月 10 日 米国時間...
Windows Defender Application Guard で Microsoft Edge を最もセキュアなブラウザーに
本記事は、Windows Security のブログ “Making Microsoft Edge the most secure browser with Windows Defender Application Guard” 2017 年 10 月 23 日 米国時間...