1366 matches found
2018 年 9 月のセキュリティ更新プログラム (月例)
2018 年 9 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
2018 年 8 月のセキュリティ更新プログラム (月例)
2018 年 8 月 15 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Announcing Changes to Microsoft’s Mitigation Bypass Bounty
Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard CFG from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background Mitigation Bypass Bounty...
2018 年 5 月のセキュリティ更新プログラム (月例)
2018 年 5 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Triaging a DLL planting vulnerability
DLL planting aka binary planting/hijacking/preloading resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues. It is well known that when an application loads ...
Triaging a DLL planting vulnerability
DLL planting aka binary planting/hijacking/preloading resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues. It is well known that when an application loads ...
March 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
2018 年 1 月のセキュリティ更新プログラム (月例)
2018 年 1 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
November 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
October 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Microsoft Office に関する報奨金プログラムの延長
本記事は、Microsoft Security Response Center のブログ “Extending the Microsoft Office Bounty Program” 2017 年 9 月 15 日 米...
EMET II のさらに先へ - Windows Defender Exploit Guard
本記事は、Security Research & Defense のブログ "Moving Beyond EMET II – Windows Defender Exploit Guard" 2017 年 8 月 9 日 米国時間公開 を翻訳したもので...
EMET は Windows 10 Defender Exploitation Guard へ統合されます
こんにちは、垣内ゆりかです。 本ブログでも、たびたび取り上げてきました 脆弱性緩和ツール Enhanced Mitigation Experience Toolkit EMET 。 EMET は...
Announcing the BlueHat v17 Schedule
September is here! The dash from the close of the call for papers to now has been amazing. We had nearly two hundred submissions spanning the gamut of security topics and presenters. The result is a solid schedule that will challenge and educate all attendees. On behalf of the content advisory...
August 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
2017 年 7 月のセキュリティ更新プログラム (月例)
2017 年 7 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
[IT 管理者向け] TLS 1.2 への移行を推奨しています
こんにちは、垣内由梨香です データを暗号化し安全にやり取りを行う Transport Layer Security TLS。TLS は利用しているが、詳細なバージョンまでは把握してない、そんな方も多いのではないでしょうか?暗号プロトコルは「使ってさえいれば安全」ではありません。現在の脅威に対応できるバージョンのみを利用しリスクを下げることが重要です。 マイクロソフトでは、より安全な TLS 1.2 へ移行していくことを推奨しています。 2020/9/7 追記 各製品、サービスにおける TLS 1.0/1.1 の廃止予定については、次の情報を参考にしてください。 TLS 1.0 and 1...
Microsoft Edge に関する報奨金プログラムの拡張
本記事は、Microsoft Security Response Center のブログ “Extending the Microsoft Edge Bounty Program” 2017 年 6 月 21 日 米...
進化したウイルス対策
本記事は、 Microsoft Malware Protection Center のブログ “Antivirus evolved” 2017 年 5 月 8 日 米国時間公開 を翻訳したも...
2017 年 5 月のセキュリティ更新プログラム (月例)
2017 年 5 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
May 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Taking your feedback on the Security Update Guide
The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and...
2017 年 4 月のセキュリティ更新プログラム (月例)
2017 年 4 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Office 365 security researchers: Double your bounties March-May 2017
Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a...
Adobe Flash Player security vulnerability release
Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about these updates can be found on the Security Update Guide. MSRC team...
BlueHat v16 Keynote announced
Microsoft is excited to announce David Kennedy, CEO of TrustedSec and Binary Defense Systems, as the BlueHat v16 keynote speaker. David is a well-known speaker from the community, a published author, and the founder of the DerbyCon Security Conference. His keynote, entitled “The Security Monty...
October 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
August 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
July 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty
Today I have another exciting expansion of the Microsoft Bounty Program. Please visit https://aka.ms/BugBounty to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Cor...
Changes to Security Update Links
Updates have historically been published on both the Microsoft Download Center and the Microsoft Update Catalog and Security Bulletins linked directly to update packages on the Microsoft Download Center. Some updates will no longer be available from the Microsoft Download Center. Security bulleti...
BlueHat v15 Announces Schedule and Registration
As we inch closer to the 15th BlueHat Security Conference, we are happy to announce the lineup of speakers and topics for this event. This year will continue with a solid speaker and topic selection that engage engineers, executives, and invited guests to discuss and tackle some of the hardest...
October 2015 Security Update Release Summary
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...
August 2015 Security Update Release Summary
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...
June 2015 Updates
Today, as part of Update Tuesday, we released 8 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are...
Evolving Microsoft's Advance Notification Service in 2015
Our Advance Notification Service ANS was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved,...
Advance Notification Service for the December 2014 Security Bulletin Release
Today, we provide advance notificationfor the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer IE, Office and Exchange. As per our monthly process, we’ve scheduled...
October 2014 Updates
Today, as part of Update Tuesday, we released eight securityupdates – three rated Critical and five rated Important - to address 24 Common Vulnerabilities & Exposures CVEs in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer IE. We encourage you to apply all of these updates, but f...
Assessing risk for the August 2014 security updates
Today we released nine security bulletins addressing 37 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your...
Announcing EMET 5.0
Today, we are excited to announce the general availability of the Enhanced Mitigation Experience Toolkit EMET 5.0. As many of you already know, EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation...
Meet myBulletins: an online security bulletin customization service
Microsoft is committed to promoting a safer, more trusted Internet and providing monthly security updates is one of the ways our customers keep their devices and connections to the Internet more secure. Packaging updates together into a monthly bulletin cycle stems from customer feedback and offe...
May 2014 Security Bulletin Webcast and Q&A
Today we published the May 2014 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority focusing on the update for SharePoint MS14-022, Group Policy MS14-025 and Internet Explorer MS14-029. Here is the video replay: We invite you to join us for the...
The May 2014 Security Updates
Today, we released eight security bulletins – two rated Critical and six rated Important – to address 13 Common Vulnerability & Exposures CVEs in .NET Framework, Office, SharePoint, Internet Explorer, and Windows. We encourage you to apply all of these updates, but for those who need to prioritiz...
Assessing risk for the May 2014 security updates
Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environmen...
Protection strategies for the Security Advisory 2963983 IE 0day
We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to stay...
April 2014 Security Bulletin Webcast and Q&A
Today we published the April 2013 Security Bulletin Webcast Questions & Answers page. We answered 13 questions in total, with the majority focusing on the update for Internet Explorer MS14-018 and the Windows 8.1 Update KB2919355. Two questions that were not answered on air have been included on...
Advance Notification Service for the April 2014 Security Bulletin Release
Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first...
March 2014 Security Bulletin Webcast and Q&A
Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows MS14-016 and Internet Explorer MS14-012. One question that was not answered on air has been included on the Q&A page...
Announcing EMET 5.0 Technical Preview
Today, we are thrilled to announce a preview release of the next version of the Enhanced Mitigation Experience Toolkit, better known as EMET. You can download EMET 5.0 Technical Preview here. This Technical Preview introduces new features and enhancements that we expect to be key components of th...
Assessing risk for the January 2014 security updates
Today we released four security bulletins addressing six CVE’s. All four bulletins have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin...