1366 matches found
February 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
How to disrupt attacks caused by social engineering
This article is from the Microsoft Secure blog, “How to disrupt attacks caused by social engineering”, January 10, 2018 (US time)...
Making Microsoft Edge the most secure browser with Windows Defender Application Guard
This article is from the Windows Security blog, “Making Microsoft Edge the most secure browser with Windows Defender Application Guard”, October 23, 2017 (US time)...
September 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Detecting stealthier cross-process injection techniques with Windows Defender ATP: process hollowing and AtomBombing
This article is from the Microsoft Malware Protection Center blog, “Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing...
August 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Extending the Microsoft Edge Bounty Program
Over the past ten months we have paid out over $200,000 USD in bounties. This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers. Keeping in line with our philosophy of protectin...
Extending Microsoft Edge Bounty Program
Over the past 10 months, we’ve paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today we’re extendin...
We look forward to your feedback on the Security Update Guide
This article is a translation of the MSRC Team blog post “Taking your feedback on the Security Update Guide”, published April 21, 2017 (US time). 2016...
Taking your feedback on the Security Update Guide
The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and...
Uncovering cross-process injection with Windows Defender ATP
This article is from the Microsoft Malware Protection Center blog, “Uncovering cross-process injection with Windows Defender ATP”, March 8, 2017, US time...
Microsoft BlueHat v17 Dates Announced - Update 4/3/2017
Update - The Call For Papers (CFP) for BlueHat v17 will be held from 6/1/2017 - 8/18/2017. We will be setting up a submissions portal for web based submissions of papers. The portal will be live on 6/1/2017. Please do not send submissions to [email protected]. Microsoft is pleased to announce...
Security Engineering Evolution in Office 2016 for Mac
Security is a critical component in all our products at Microsoft. An emphasis on strong security starts at the beginning of all our work, including threat modelling as part of the design process and the consideration of Apple’s own security recommendations for our products on Apple’s platforms. ...
Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty
It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1,...
December 2015 Security Update Release Summary
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty
Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta whic...
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available. The Enhanced Mitigation Experience Toolkit (EMET) benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by...
Advances in Scripting Security and Protection in Windows 10 and PowerShell V5
In the last several releases of Windows, we’ve been working hard to make the platform much more powerful for administrators, developers, and power users alike. PowerShell is an incredibly useful and powerful language for managing Windows domains. Unfortunately, attackers can take advantage of the...
May 2015 Updates
Today, as part of Update Tuesday, we released 13 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you are n...
March 2015 Updates
Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer. We encourage customers to apply all of these updates. For more information about this month’s security updates, includi...
A Call for Better Coordinated Vulnerability Disclosure
For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and...
Assessing Risk for the October 2014 Security Updates
Today we released eight security bulletins addressing 24 unique CVE’s. Three bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment...
BlueHat v14 is almost here
It’s that time of year and BlueHat v14 is almost upon us. As always, BlueHat is an opportunity for us to bring the brightest minds in security together, both internal and external, to discuss and tackle some of the hardest problems facing the industry today. Through this conference, our engineeri...
Assessing risk for the September 2014 security updates
Today we released four security bulletins addressing 42 unique CVE’s. One bulletin has a maximum severity rating of Critical and the other three have maximum severity Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment. Bulletin Mo...
August 2014 Security Bulletin Webcast and Q&A
Today, we published the August 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered ten questions on air, with the majority focusing on the update for Internet Explorer. Here is the video replay: We are aware of some issues related to the recent...
Advance Notification Service for the August 2014 Security Bulletin Release
Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer. As per our usual...
Security Advisory 2982792 released, Certificate Trust List updated
Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. Wit...
Load Library Safely
Dynamically loading libraries in an application can lead to vulnerabilities if not secured properly. In this blog post we talk about loading a library using LoadLibraryEx API and make use of options to make it safe. Know the defaults: The library file name passed to LoadLibrary / LoadLibraryEx ca...
Advance Notification Service for the May 2014 Security Bulletin Release
Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we’ve scheduled the security...
Out-of-Band Release to Address Microsoft Security Advisory 2963983
At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser. The majority of...
Security Update Released to Address Recent Internet Explorer Vulnerability
Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983. This security update addresses every version of Internet Explorer. While we’ve seen only a limited number of targeted attacks, customers are advised to install this...
More Details about Security Advisory 2963983 IE 0day
Today we released Security Advisory 2963983 regarding a potential vulnerability in Internet Explorer reported by FireEye and currently under investigation. We are working closely with FireEye to investigate this report of a vulnerability which was found used in very limited targeted attack: - the...
Assessing risk for the April 2014 security updates
Today we released four security bulletins addressing 11 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview
I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customer...
Microsoft Releases Security Advisory 2934088
Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users...
Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release
Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be...
Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A
Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page. We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin (MS14-004), the update for Microsoft Word (MS14-001) and the re-release of the Windows 7 and Windows Serve...
Security Advisory 2868725: Recommendation to disable RC4
In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secur...
Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive
Those who know me personally or follow me on Twitter are familiar with my obsession with karaoke. I do it as often as I can rope people into going with me, never forcing anyone to sing, though invariably everyone does – or at least sings from the sidelines to the songs they know...
Software Defense: mitigating heap corruption vulnerabilities
Heap corruption vulnerabilities are the most common type of vulnerability that Microsoft addresses through security updates today. These vulnerabilities typically occur as a result of programming mistakes that make it possible to write beyond the bounds of a heap buffer (a spatial issue) or to plac...
Assessing risk for the October 2013 security updates
Today we released eight security bulletins addressing 25 CVE’s. Four bulletins have a maximum severity rating of Critical while the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
The October 2013 security updates
This month we release eight bulletins – four Critical and four Important - which address 25 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080,...
An update on the bounty programs
Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some...
Bounty News Update: Bountiful Harvest
Fall is a season traditionally associated with a harvest after planting the seeds and tending the crops. Today I’m proud to announce the names of six very smart people who have helped us make our products more secure by participating in our new bounty programs. When we launched our bounty program...
August 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page. We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063). There were 3 additional questions...
The story of MS13-002: How incorrectly casting fat pointers can make your code explode
C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of th...
A new policy for store apps and the July 2013 security updates
There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates...
New Bounty Programs – One Week In
Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially...