1366 matches found
Customer Guidance for WannaCrypt attacks
Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painfu...
Customer Guidance for WannaCrypt attacks
Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painfu...
Coming together to address Encapsulated PostScript (EPS) attacks
Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the...
SHA-1 Collisions Research
Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm called “SHAttered”. This is a significant step toward understanding this type of security issue, a...
2016 年 12 月のセキュリティ情報 (月例) - MS16-144 ~ MS16-155
2016 年 12 月 14 日 日本時間、マイクロソフトは計 12 件 緊急 6 件、重要 6 件 の新規セキュリティ情報を公開し...
Moving Beyond EMET
EMET – Then and Now Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit EMET. Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the tim...
Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms
On August 4, 2016 we launched a bounty program that targets Remote Code Execution RCE vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow WIP slow. Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioriti...
BlueHat v16 Schedule Announced
Over the summer we had overwhelming response to our BlueHat v16 call for papers. We would like to give a special thanks to all who submitted papers for consideration. The range of content and quality of content was exceptional. So with that, today we are happy to announce our schedule for the...
April 2016 Security Update Release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Announcing BlueHat v15 Conference
We are happy to announce the 15th version of the Microsoft BlueHat Security Conference set for January 12-13, 2016. The annual security conference brings internal and external speakers to educate and engage Microsoft’s engineering community and their executives. Work is under way currently to set...
What makes a good Microsoft Defense Bounty submission?
One of Microsoft’s longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. These solutions generally have a broad and long lasting impact on software security...
September 2015 Security Update Release Summary
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...
Out-of-band release for Security Bulletin MS15-078
Today, we released a security bulletin to provide an update for Microsoft Windows. Customers who have automatic updates enabled or apply the update, will be protected. We recommend customers apply the update as soon as possible, following the directions in the security bulletin. More information...
July 2015 Security Updates
Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit...
April 2015 Updates
Today, as part of Update Tuesday, we released 11 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are...
Security Advisory 3046015 released
Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” Factoring attack on RSA-EXPORT Keys. Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team...
December 2014 Updates
Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office and Exchange. We encourage you to apply all of these...
MS14-072: .NET Remoting Elevation of Privilege Vulnerability
Today Microsoft shipped MS14-072 to the .NET Framework to address an Elevation of Privilege EOP vulnerability in the .NET Remoting feature. This update fixes a specific issue in .NET Remoting that permitted specially crafted remote endpoints to take advantage of this vulnerability. What is .NET...
Security Advisory 3009008 updated
Today, we announced the availability of SSL 3.0 fallback warnings in Internet Explorer IE 11. For more information please visit the IE blog. We have also published an update on the status of the changes we have made to our Azure offerings in response to the SSL 3.0 vulnerability. For more...
Security Advisory 3010060 released
Today, we released Security Advisory 3010060to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains a...
July 2014 Security Bulletin Release
Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defens...
Advance Notification Service for the July 2014 Security Bulletin Release
Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer. This month we will also premier the new format for...
Microsoft Releases Security Advisory 2953095
Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Te...
When ASLR makes the difference
We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation ASLR in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. ...
Advance Notification Service for the March 2014 Security Bulletin Release
Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first...
Omphaloskepsis and the December 2013 Security Update Release
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...
MS13-098: Update to enhance the security of Authenticode
Today we released MS13-098, a security update that strengthens the Authenticode code-signing technology against attempts to modify a signed binary without invalidating the signature. This update addresses a specific instance of malicious binary modification that could allow a modified binary to...
MS13-106: Farewell to another ASLR bypass
Today we released MS13-106 which resolves a security feature bypass that can allow attackers to circumvent Address Space Layout Randomization ASLR using a specific DLL library HXDS.DLL provided as part of Microsoft Office 2007 and 2010. The existence of an ASLR bypass does not directly enable the...
BlueHat v13 is Coming
This week, starting Thursday, we’ll be hosting our 13th edition of BlueHat. I’m always so impressed with the level of knowledge we attract to each BlueHat, and while the event is invite-only, we’ll be sharing glimpses into the event via this blog and the hashtag BlueHat. For each of the past six...
Microsoft Releases Security Advisory 2914486
Today we released Security Advisory 2914486 regarding a local elevation of privilege EoP issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program MAPP found this...
10 years of Update Tuesdays
On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear a...
Software Defense: mitigating stack corruption vulnerabilties
Introduction One of the oldest forms of memory safety exploitation is that of stack corruption vulnerabilities, with several early high-profile exploits being of this type. It seems fitting therefore to kick off this Software Defense series by looking at the status of software defense today with...
September 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server MS13-067. We received multiple Office related questions that were very similar in nature, so the questions have been...
MS13-068: A difficult-to-exploit double free in Outlook
MS13-068 addresses a memory corruption vulnerability accessible by simply previewing a message in the Outlook Preview Pane. As such, we’ve rated this security vulnerability as Critical and we encourage customers to deploy the security update. However, in this case, we believe this particular...
Leaving Las Vegas and the August 2013 security updates
Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each year is the...
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...
Are you prepared for the BlueHat Challenge?
Today we are kicking off a new challenge so you can showcase your security prowess and, if we can, help you build some more. Our BlueHat Challenge is a series of computer security questions, which increase in difficulty as you progress. Only the rare and talented engineer will be able to finish t...
Preparing for Live Pwnage: Mitigation Bypass Bounty Machine Specs for Black Hat
With about one week to go before we all gather at Black Hat in Las Vegas, we’re getting inquiries about precisely how the promised Live Mitigation Bypass Bounty judging at Black Hat will work. For most of the world, it works best when you get a good spot at the Microsoft booth 301 around noon eac...
Announcing the Microsoft Bounty Programs
Over the years, weve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now were taking it ev...
Microsoft is sponsoring the Cyber Security Challenge UK
The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down and computer defenses are improved, exploit activity has actually increased...
Assessing risk for the June 2013 security updates
Today we released five security bulletins addressing 23 CVE’s. One bulletin has a maximum severity rating of Critical, and four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin...
From first report to MVR: Harun’s path in cloud security research
Harun’s relationship with technology began early, driven by curiosity rather than obligation. While still in high school, he taught himself Pascal and C simply because he wanted to understand how things worked. Those languages never became central to his professional career, but they shaped how h...
Congratulations to the top MSRC 2025 Q3 security researchers!
Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...
.NET Bounty Program now offers up to $40,000 in awards
We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...
Announcing the CVRF API 3.0 upgrade
At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting CVRF API. This update...
A Ride on the Wild Side with Hacking Heavyweight Sick Codes
Beverage of Choice: Krating Daeng Thai Red Bull Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies Present & Past: Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently...
Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance
Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit SDK that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and services th...
Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez
When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...
Azure Synapse Spark で修正された脆弱性について
本ブログは、Vulnerability Fixed in Azure Synapse Spark の抄訳版です。最新の情報は原文を参照してください。 概...
Vulnerability Fixed in Azure Synapse Spark
Summary Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where cybersecurity...