Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2017/08/08 7:0 a.m.9 views

August 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/07/11 7:0 a.m.9 views

2017 年 7 月のセキュリティ更新プログラム (月例)

2017 年 7 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2017/07/11 7:0 a.m.9 views

[IT 管理者向け] TLS 1.2 への移行を推奨しています

こんにちは、垣内由梨香です データを暗号化し安全にやり取りを行う Transport Layer Security TLS。TLS は利用しているが、詳細なバージョンまでは把握してない、そんな方も多いのではないでしょうか?暗号プロトコルは「使ってさえいれば安全」ではありません。現在の脅威に対応できるバージョンのみを利用しリスクを下げることが重要です。 マイクロソフトでは、より安全な TLS 1.2 へ移行していくことを推奨しています。 2020/9/7 追記 各製品、サービスにおける TLS 1.0/1.1 の廃止予定については、次の情報を参考にしてください。 TLS 1.0 and 1...

7.4AI score
Exploits0
MSRC
MSRC
added 2017/06/26 7:0 a.m.9 views

Microsoft Edge に関する報奨金プログラムの拡張

本記事は、Microsoft Security Response Center のブログ “Extending the Microsoft Edge Bounty Program” 2017 年 6 月 21 日 米...

0.7AI score
Exploits0
MSRC
MSRC
added 2017/06/22 7:0 a.m.9 views

進化したウイルス対策

本記事は、 Microsoft Malware Protection Center のブログ “Antivirus evolved” 2017 年 5 月 8 日 米国時間公開 を翻訳したも...

2.1AI score
Exploits0
MSRC
MSRC
added 2017/05/09 7:0 a.m.9 views

2017 年 5 月のセキュリティ更新プログラム (月例)

2017 年 5 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2017/05/09 7:0 a.m.9 views

May 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

2.6AI score
Exploits0
MSRC
MSRC
added 2017/04/21 7:0 a.m.9 views

Taking your feedback on the Security Update Guide

The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/03/01 8:0 a.m.9 views

Office 365 security researchers: Double your bounties March-May 2017

Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a...

2.5AI score
Exploits0
MSRC
MSRC
added 2016/10/11 7:0 a.m.9 views

October 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
MSRC
MSRC
added 2016/08/09 7:0 a.m.9 views

August 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
MSRC
MSRC
added 2016/07/12 7:0 a.m.9 views

July 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
MSRC
MSRC
added 2016/04/29 7:0 a.m.9 views

Changes to Security Update Links

Updates have historically been published on both the Microsoft Download Center and the Microsoft Update Catalog and Security Bulletins linked directly to update packages on the Microsoft Download Center. Some updates will no longer be available from the Microsoft Download Center. Security bulleti...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/11/18 8:0 a.m.9 views

BlueHat v15 Announces Schedule and Registration

As we inch closer to the 15th BlueHat Security Conference, we are happy to announce the lineup of speakers and topics for this event. This year will continue with a solid speaker and topic selection that engage engineers, executives, and invited guests to discuss and tackle some of the hardest...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/10/13 7:0 a.m.9 views

October 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/08/11 7:0 a.m.9 views

August 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/06/09 7:0 a.m.9 views

June 2015 Updates

Today, as part of Update Tuesday, we released 8 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/01/08 8:0 a.m.9 views

Evolving Microsoft's Advance Notification Service in 2015

Our Advance Notification Service ANS was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved,...

6.7AI score
Exploits0
MSRC
MSRC
added 2014/12/04 8:0 a.m.9 views

Advance Notification Service for the December 2014 Security Bulletin Release

Today, we provide advance notificationfor the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer IE, Office and Exchange. As per our monthly process, we’ve scheduled...

7AI score
Exploits0
MSRC
MSRC
added 2014/10/14 7:0 a.m.9 views

October 2014 Updates

Today, as part of Update Tuesday, we released eight securityupdates – three rated Critical and five rated Important - to address 24 Common Vulnerabilities & Exposures CVEs in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer IE. We encourage you to apply all of these updates, but f...

7.2AI score
Exploits0
MSRC
MSRC
added 2014/08/12 7:0 a.m.9 views

Assessing risk for the August 2014 security updates

Today we released nine security bulletins addressing 37 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your...

7AI score
Exploits0
MSRC
MSRC
added 2014/07/31 7:0 a.m.9 views

Announcing EMET 5.0

Today, we are excited to announce the general availability of the Enhanced Mitigation Experience Toolkit EMET 5.0. As many of you already know, EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation...

7.2AI score
Exploits0
MSRC
MSRC
added 2014/05/28 7:0 a.m.9 views

Meet myBulletins: an online security bulletin customization service

Microsoft is committed to promoting a safer, more trusted Internet and providing monthly security updates is one of the ways our customers keep their devices and connections to the Internet more secure. Packaging updates together into a monthly bulletin cycle stems from customer feedback and offe...

6.9AI score
Exploits0
MSRC
MSRC
added 2014/05/13 7:0 a.m.9 views

The May 2014 Security Updates

Today, we released eight security bulletins – two rated Critical and six rated Important – to address 13 Common Vulnerability & Exposures CVEs in .NET Framework, Office, SharePoint, Internet Explorer, and Windows. We encourage you to apply all of these updates, but for those who need to prioritiz...

7.3AI score
Exploits0
MSRC
MSRC
added 2014/05/13 7:0 a.m.9 views

Assessing risk for the May 2014 security updates

Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environmen...

7AI score
Exploits0
MSRC
MSRC
added 2014/04/30 7:0 a.m.9 views

Protection strategies for the Security Advisory 2963983 IE 0day

We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to stay...

6.8AI score
Exploits0
MSRC
MSRC
added 2014/03/17 7:0 a.m.9 views

March 2014 Security Bulletin Webcast and Q&A

Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows MS14-016 and Internet Explorer MS14-012. One question that was not answered on air has been included on the Q&A page...

7.3AI score
Exploits0
MSRC
MSRC
added 2014/02/25 8:0 a.m.9 views

Announcing EMET 5.0 Technical Preview

Today, we are thrilled to announce a preview release of the next version of the Enhanced Mitigation Experience Toolkit, better known as EMET. You can download EMET 5.0 Technical Preview here. This Technical Preview introduces new features and enhancements that we expect to be key components of th...

6.9AI score
Exploits0
MSRC
MSRC
added 2014/02/11 8:0 a.m.9 views

Assessing risk for the February 2014 security updates

Today we released seven security bulletins addressing 31 unique CVE’s. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for you...

7AI score
Exploits0
MSRC
MSRC
added 2014/01/14 8:0 a.m.9 views

Assessing risk for the January 2014 security updates

Today we released four security bulletins addressing six CVE’s. All four bulletins have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin...

7.2AI score
Exploits0
MSRC
MSRC
added 2013/12/11 8:0 a.m.9 views

Software defense: mitigating common exploitation techniques

In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption, heap corruption, and unsafe list management and reference count...

7.3AI score
Exploits0
MSRC
MSRC
added 2013/12/09 8:0 a.m.9 views

Security Advisory 2916652 released, Certificate Trust List updated

Microsoft is updating the Certificate Trust List CTL for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this action...

6.7AI score
Exploits0
MSRC
MSRC
added 2013/09/27 7:0 a.m.9 views

Software Defense Series: Exploit mitigation and vulnerability detection

Software Defense is a broad topic requiring a multipronged approach including: - the processes and tooling associated with secure development that we try and encapsulate within the Microsoft SDL, - core OS countermeasures that make exploitation of a given vulnerability more difficult for an...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/09/10 7:0 a.m.9 views

Lovely tokens and the September 2013 security updates

Helen Hunt Jackson famously wrote, “By all lovely tokens September is here, with summer’s best of weather and autumn’s best of cheer.” I share Helen’s clear adoration for this time of year. As a sports fan, there are so many “lovely tokens” to enjoy. The baseball pennant race is heating up, colle...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/09/10 7:0 a.m.9 views

Assessing risk for the September 2013 security updates

Today we released thirteen security bulletins addressing 47 CVE’s. Four bulletins have a maximum severity rating of Critical while the other ten have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...

7AI score
Exploits0
MSRC
MSRC
added 2013/08/13 7:0 a.m.9 views

Cryptographic Improvements in Microsoft Windows

You might remember that in June 2013 we released Security Advisory 2854544 announcing additional options for enterprise customers to manage their digital certificate handling configuration on the Windows platform. The particular functionality announced in Security Advisory 2854544 was first built...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/17 7:0 a.m.9 views

Attention Bounty Hunters – The Ramp Up to Black Hat

We’re three weeks into our new world of bounties for Microsoft products now, and as the clock ticks down on one program, we’re prepping for some live excitement with one of the others. First, the Internet Explorer 11 Preview Bounty is entering its final 10 days; the bounty period for that program...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/12 7:0 a.m.9 views

July 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, August 14th at 11...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/10 7:0 a.m.9 views

Filling A Gap In the Vulnerability Market – First Bounty Notification

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between t...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/10 7:0 a.m.9 views

Running in the wild, not for so long

Over the weekend we received a report from our partners about a possible unpatched Internet Explorer vulnerability being exploited in the wild. The exploit code uses a memory corruption bug triggered from a webpage but it deeply leverages a Flash SWF file in order to achieve reliable exploitation...

7.5AI score
Exploits0
MSRC
MSRC
added 2013/07/09 7:0 a.m.9 views

Assessing risk for the July 2013 security updates

Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulleti...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/06/11 7:0 a.m.9 views

Improved cryptography infrastructure and the June 2013 bulletins

It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year- and I’ve dealt with some interesting issues during my tenure - but our goal o...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/06/06 7:0 a.m.9 views

Advanced Notification Service for the June 2013 Security Bulletin Release

Today we’re providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsof...

7AI score
Exploits0
MSRC
MSRC
added 2026/03/04 12:0 a.m.8 views

The research never stops: Zhiniang Peng’s security research story

Some security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started with curiosity and cybersecurity magazines...

5.9AI score
Exploits0
MSRC
MSRC
added 2026/02/09 12:0 a.m.8 views

Fixing the script: Journey to reduce XSS exposure

Cross‑site scripting XSS remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than root causes. Across vulnerability reports and incident response investigations, both within Microso...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/02/09 12:0 a.m.8 views

How Asem Eleraky went from a shared family PC to finding critical vulnerabilities

In the world of vulnerability research, origin stories are rarely linear. For Asem Eleraky, the path to becoming a Microsoft MVR began not in a SOC lab or a university classroom, but with a single family PC and a short daily window to explore his growing interest in cybersecurity...

5.5AI score
Exploits0
MSRC
MSRC
added 2025/07/31 7:0 a.m.8 views

.NET Bounty Program now offers up to $40,000 in awards

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/05/17 7:0 a.m.8 views

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference session recordings available to watch here. Since 2005, BlueHat has been where the security research community, an...

6.9AI score
Exploits0
MSRC
MSRC
added 2023/01/26 8:0 a.m.8 views

Congratulations to the Top MSRC 2022 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q4 Security Researcher Leaderboard are:...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/12/29 8:0 a.m.8 views

Security Update Guide Improvement – Representing Hotpatch Updates

Today we are updating the way Microsoft Security Update Guide SUG represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates. Hotpatching was introduced a year ago as a new way to install updates on supported Windows Server Azure Edition...

6.8AI score
Exploits0
Total number of security vulnerabilities1366