1366 matches found
Announcing the Microsoft Identity Research Project Grant
We are excited to announce the Microsoft Identity Research Project Grant a new opportunity in partnership with the security community to help protect Microsoft customers. This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identit...
December 2019 security updates are available
We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
Using Rust in Windows
This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in...
Introducing the ElectionGuard Bounty program
Today we are launching the ElectionGuard Bounty program. In May 2019, we announced the release of ElectionGuard, a free open-source SDK to make voting more secure, transparent, and accessible. ElectionGuard enables end-to-end verification of elections, open results to third-party organizations fo...
Announcing the Security Researcher Quarterly Leaderboard
Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an annual report, we are excited to...
Announcing the Security Researcher Quarterly Leaderboard
Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an annual report, we are excited to...
An intern's experience with Rust
Over the course of my internship at the Microsoft Security Response Center MSRC, I worked on the safe systems programming languages SSPL team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...
October 2019 security updates are available!
We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...
[AD管理者向け] 2020 年 LDAP 署名と LDAP チャネルバインディングが有効化。確認を!
こんにちは、セキュリティ レスポンスチームの垣内ゆりかです。 2019 年 8 月に公開したセキュリティ アドバイザリ...
Calling all breakers & builders: BlueHat Seattle registration is open!
@TODO: Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register. Wait, isnt BlueHat invitation-only? It is…but if we haven’t sent you an invitatio...
2019 年 9 月のセキュリティ更新プログラム (月例)
2019 年 9 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Announcing the Microsoft Edge Insider Bounty
This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next...
2019 年 8 月のセキュリティ更新プログラム (月例)
2019 年 8 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
August 2019 Security Updates
We have released the August security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windo...
Corporate IoT - a path to intrusion
Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable,...
Meet the MSRC at Black Hat 2019
We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog...
It’s Official – The Way We Recognize Our Security Researchers
We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping t...
Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)
Today we announce the top organizational candidates for Vulnerability Top Contributors, Threat Indicator Top Submitters, and Zero-Day Top Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through...
A proactive approach to more secure code
What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre MSRC has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019...
Microsoft Launches a New Recognition Program for MAPP Partners
There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank...
Microsoft Launches a New Recognition Program for MAPP Partners
There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank...
Time travel debugging: It’s a blast! (from the past)
The Microsoft Security Response Center MSRC works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...
2019 年 5 月のセキュリティ更新プログラム (月例)
2019 年 5 月 15 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
May 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
April 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Securi...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
March 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
February 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Announcing the Microsoft Azure DevOps Bounty program
The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...
First Steps in Hyper-V Research
Microsoft has put a lot of effort in Hyper-V security. Hyper-V, and the whole virtualization stack, runs at the core of many of our products: cloud computing, Windows Defender Application Guard, and technology built on top of Virtualization Based Security VBS. Because Hyper-V is critical to so mu...
BlueHat v18 Content Now Available
Last month we wrapped up another great BlueHat event. As an organizer, it is great to hear that the content is so strong that we have participants have to make hard choices on what to attend. BlueHat is about the community we build and the experiences we share. To further support that we are maki...
Windows Update の利用手順 - Windows 10 の場合
本ブログ記事は初級レベルから中級レベルのコンピューター ユーザーを対象にしています。 Windows 8.1 をお使いのお客...
Windows Update の利用手順 – Windows 7 の場合
本ブログ記事は初級レベルから中級レベルのコンピューター ユーザーを対象にしています。 Windows 10 をお使いのお客...
[セキュリティ基本対策 5 か条] 第 4 条 暗号化を行う
注: この内容は一般の方を対象とした記述にしています。 今日はセキュリティ基本対策 5 か条の第 4 条「暗号化...
Standing behind “MSRC Listens”
Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...
Standing behind “MSRC Listens”
Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...
Announcing Changes to Microsoft’s Mitigation Bypass Bounty
Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard CFG from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background Mitigation Bypass Bounty...
May 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
Triaging a DLL planting vulnerability
DLL planting aka binary planting/hijacking/preloading resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues. It is well known that when an application loads ...
Triaging a DLL planting vulnerability
DLL planting aka binary planting/hijacking/preloading resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues. It is well known that when an application loads ...
March 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
急速に広がるサイバー攻撃「ラピッド サイバー攻撃」の概要
本記事は、Microsoft Secure ブログ “Overview of rapid cyberattacks” 2018 年 1 月 23 日 米国...
Inside the MSRC– The Monthly Security Update Releases
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
2018 年 1 月のセキュリティ更新プログラム (月例)
2018 年 1 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
October 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
サイバー レジリエンスに関するマイクロソフトの見解
本記事は、Ann Johnson Vice President、Enterprise Cybersecurity Group による Microsoft Secure Blog への投稿 “Microso...
Microsoft Office に関する報奨金プログラムの延長
本記事は、Microsoft Security Response Center のブログ “Extending the Microsoft Office Bounty Program” 2017 年 9 月 15 日 米...
EMET II のさらに先へ - Windows Defender Exploit Guard
本記事は、Security Research & Defense のブログ "Moving Beyond EMET II – Windows Defender Exploit Guard" 2017 年 8 月 9 日 米国時間公開 を翻訳したもので...
EMET は Windows 10 Defender Exploitation Guard へ統合されます
こんにちは、垣内ゆりかです。 本ブログでも、たびたび取り上げてきました 脆弱性緩和ツール Enhanced Mitigation Experience Toolkit EMET 。 EMET は...
Announcing the BlueHat v17 Schedule
September is here! The dash from the close of the call for papers to now has been amazing. We had nearly two hundred submissions spanning the gamut of security topics and presenters. The result is a solid schedule that will challenge and educate all attendees. On behalf of the content advisory...