1366 matches found
November 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Standing behind “MSRC Listens”
Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...
Announcing the BlueHat v18 Schedule
Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat...
Microsoft launches Identity Bounty program
Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our...
June 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
May 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
BlueHat v18 Announced & Call for Papers Opens
We are back! Microsoft is excited to announce the next installment of the BlueHat Security Conference – BlueHat v18. We will be holding the event at Microsoft’s headquarter campus September 25-27, 2018. This year we are adding the option for workshops and networking on the first day prior to the...
Hyper-V Debugging Symbols Are Publicly Available
The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make...
Recognizing Q3 Top 5 Bounty Hunters
Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft...
2018 年 3 月のセキュリティ更新プログラム (月例)
2018 年 3 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
ラピッド サイバー攻撃の一種、Petya の概要
本記事は、Microsoft Secure ブログ “Overview of Petya, a rapid cyberattack” 2018 年 2 月 5 日 米...
急速に広がるサイバー攻撃「ラピッド サイバー攻撃」の概要
本記事は、Microsoft Secure ブログ “Overview of rapid cyberattacks” 2018 年 1 月 23 日 米国...
Inside the MSRC– The Monthly Security Update Releases
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
February 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
ソーシャル エンジニアリングによって引き起こされる攻撃を途絶させる方法
本記事は、Microsoft Secure ブログ “How to disrupt attacks caused by social engineering” 2018 年 1 月 10 日 米国時間...
Windows Defender Application Guard で Microsoft Edge を最もセキュアなブラウザーに
本記事は、Windows Security のブログ “Making Microsoft Edge the most secure browser with Windows Defender Application Guard” 2017 年 10 月 23 日 米国時間...
サイバー レジリエンスに関するマイクロソフトの見解
本記事は、Ann Johnson Vice President、Enterprise Cybersecurity Group による Microsoft Secure Blog への投稿 “Microso...
September 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Windows Defender ATP でステルス性の高いクロスプロセス インジェクション手法を検出する: プロセス ハロウイングと AtomBombing
本記事は、Microsoft Malware Protection Center のブログ “Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing...
August 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Extending the Microsoft Edge Bounty Program
Over the past ten months we have paid out over $200,000 USD in bounties. This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers. Keeping in line with our philosophy of protectin...
Extending the Microsoft Edge Bounty Program
Over the past ten months we have paid out over $200,000 USD in bounties. This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers. Keeping in line with our philosophy of protectin...
Extending Microsoft Edge Bounty Program
Over the past 10 months, we’ve paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today were extendin...
セキュリティ更新プログラム ガイドに関するフィードバックをお待ちしています
本記事は、 MSRC Team のブログ “ Taking your feedback on the Security Update Guide” 2017 年 4 月 21 日 米国時間公開 を翻訳したものです。 2016 年...
Taking your feedback on the Security Update Guide
The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and...
Windows Defender ATP でクロスプロセス インジェクションを発見する
本記事は、Microsoft Malware Protection Center のブログ “Uncovering cross-process injection with Windows Defender ATP” 2017 年 3 月 8 日 米国時...
Microsoft BlueHat v17 Dates Announced - Update 4/3/2017
Update - The Call For Papers CFP for BlueHat v17 will be held from 6/1/2017 - 8/18/2017. We will be setting up a submissions portal for web based submissions of papers. The portal will be live on 6/1/2017. Please do not send submissions to [email protected]. Microsoft is pleased to announce...
Security Engineering Evolution in Office 2016 for Mac
Security is a critical component in all our products at Microsoft. An emphasis on strong security starts at the beginning of all our work, including threat modelling as part of the design process and the consideration of Apple’s own security recommendations for our products on Apple’s platforms. ...
Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty
It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1,...
December 2015 Security Update Release Summary
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty
Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta whic...
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available
Enhanced Mitigation Experience Toolkit EMET version 5.5 Beta is now available The Enhanced Mitigation Experience Toolkit EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by...
Advances in Scripting Security and Protection in Windows 10 and PowerShell V5
In the last several releases of Windows, we’ve been working hard to make the platform much more powerful for administrators, developers, and power users alike. PowerShell is an incredibly useful and powerful language for managing Windows domains. Unfortunately, attackers can take advantage of the...
May 2015 Updates
Today, as part of Update Tuesday, we released 13 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are n...
A Call for Better Coordinated Vulnerability Disclosure
For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and...
Assessing Risk for the October 2014 Security Updates
Today we released eight security bulletins addressing 24 unique CVE’s. Three bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment...
BlueHat v14 is almost here
It’s that time of year and BlueHat v14 is almost upon us. As always, BlueHat is an opportunity for us to bring the brightest minds in security together, both internal and external, to discuss and tackle some of the hardest problems facing the industry today. Through this conference, our engineeri...
Assessing risk for the September 2014 security updates
Today we released four security bulletins addressing 42 unique CVE’s. One bulletin has a maximum severity rating of Critical and the other three have maximum severity Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment. Bulletin Mo...
August 2014 Security Bulletin Webcast and Q&A
Today, we published the August 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered ten questions on air, with the majority focusing on the update for Internet Explorer. Here is the video replay: We are aware of some issues related to the recent...
Advance Notification Service for the August 2014 Security Bulletin Release
Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer. As per our usual...
Security Advisory 2982792 released, Certificate Trust List updated
Today, we are updating the Certificate Trust List CTL for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. Wit...
Load Library Safely
Dynamically loading libraries in an application can lead to vulnerabilities if not secured properly. In this blog post we talk about loading a library using LoadLibraryEx API and make use of options to make it safe. Know the defaults: The library file name passed to LoadLibrary / LoadLibraryEx ca...
Advance Notification Service for the May 2014 Security Bulletin Release
Today we provide Advance Notification Service ANS for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we’ve scheduled the security...
Out-of-Band Release to Address Microsoft Security Advisory 2963983
At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer IE that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser. The majority of...
Security Update Released to Address Recent Internet Explorer Vulnerability
Today, we released a security update to address the Internet Explorer IE vulnerability first described in Security Advisory 2963983. This security update addresses every version of Internet Explorer. While we’ve seen only a limited number of targeted attacks, customers are advised to install this...
More Details about Security Advisory 2963983 IE 0day
Today we released Security Advisory 2963983 regarding a potential vulnerability in Internet Explorer reported by FireEye and currently under investigation. We are working closely with FireEye to investigate this report of a vulnerability which was found used in very limited targeted attack: - the...
Assessing risk for the April 2014 security updates
Today we released four security bulletins addressing 11 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview
I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center MSRC engineering teams have been working hard on the next version of EMET, which helps customer...
Microsoft Releases Security Advisory 2934088
Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users...
Assessing risk for the February 2014 security updates
Today we released seven security bulletins addressing 31 unique CVE’s. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for you...