Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2017/05/13 7:0 a.m.8 views

Customer Guidance for WannaCrypt attacks

Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painfu...

4.4AI score
Exploits0
MSRC
MSRC
added 2017/05/13 7:0 a.m.8 views

Customer Guidance for WannaCrypt attacks

Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painfu...

7AI score
Exploits0
MSRC
MSRC
added 2017/05/09 7:0 a.m.8 views

Coming together to address Encapsulated PostScript (EPS) attacks

Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the...

6.9AI score
Exploits0
MSRC
MSRC
added 2017/02/23 8:0 a.m.8 views

SHA-1 Collisions Research

Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm called “SHAttered”. This is a significant step toward understanding this type of security issue, a...

1.1AI score
Exploits0
MSRC
MSRC
added 2016/12/13 12:0 a.m.8 views

2016 年 12 月のセキュリティ情報 (月例) - MS16-144 ~ MS16-155

2016 年 12 月 14 日 日本時間、マイクロソフトは計 12 件 緊急 6 件、重要 6 件 の新規セキュリティ情報を公開し...

0.3AI score
Exploits0
MSRC
MSRC
added 2016/11/03 7:0 a.m.8 views

Moving Beyond EMET

EMET – Then and Now Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit EMET. Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the tim...

7.3AI score
Exploits0
MSRC
MSRC
added 2016/09/28 7:0 a.m.8 views

Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms

On August 4, 2016 we launched a bounty program that targets Remote Code Execution RCE vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow WIP slow. Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioriti...

7.5AI score
Exploits0
MSRC
MSRC
added 2016/09/01 7:0 a.m.8 views

BlueHat v16 Schedule Announced

Over the summer we had overwhelming response to our BlueHat v16 call for papers. We would like to give a special thanks to all who submitted papers for consideration. The range of content and quality of content was exceptional. So with that, today we are happy to announce our schedule for the...

7AI score
Exploits0
MSRC
MSRC
added 2016/04/12 7:0 a.m.8 views

April 2016 Security Update Release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/10/14 7:0 a.m.8 views

Announcing BlueHat v15 Conference

We are happy to announce the 15th version of the Microsoft BlueHat Security Conference set for January 12-13, 2016. The annual security conference brings internal and external speakers to educate and engage Microsoft’s engineering community and their executives. Work is under way currently to set...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/09/08 7:0 a.m.8 views

What makes a good Microsoft Defense Bounty submission?

One of Microsoft’s longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. These solutions generally have a broad and long lasting impact on software security...

7.1AI score
Exploits0
MSRC
MSRC
added 2015/09/08 7:0 a.m.8 views

September 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/07/20 7:0 a.m.8 views

Out-of-band release for Security Bulletin MS15-078

Today, we released a security bulletin to provide an update for Microsoft Windows. Customers who have automatic updates enabled or apply the update, will be protected. We recommend customers apply the update as soon as possible, following the directions in the security bulletin. More information...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/07/14 7:0 a.m.8 views

July 2015 Security Updates

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit...

7.2AI score
Exploits0
MSRC
MSRC
added 2015/04/14 7:0 a.m.8 views

April 2015 Updates

Today, as part of Update Tuesday, we released 11 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are...

6.7AI score
Exploits0
MSRC
MSRC
added 2015/03/05 8:0 a.m.8 views

Security Advisory 3046015 released

Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” Factoring attack on RSA-EXPORT Keys. Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team...

7AI score
Exploits0
MSRC
MSRC
added 2014/12/09 8:0 a.m.8 views

December 2014 Updates

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office and Exchange. We encourage you to apply all of these...

6.7AI score
Exploits0
MSRC
MSRC
added 2014/11/11 8:0 a.m.8 views

MS14-072: .NET Remoting Elevation of Privilege Vulnerability

Today Microsoft shipped MS14-072 to the .NET Framework to address an Elevation of Privilege EOP vulnerability in the .NET Remoting feature. This update fixes a specific issue in .NET Remoting that permitted specially crafted remote endpoints to take advantage of this vulnerability. What is .NET...

6.8AI score
Exploits0
MSRC
MSRC
added 2014/10/29 7:0 a.m.8 views

Security Advisory 3009008 updated

Today, we announced the availability of SSL 3.0 fallback warnings in Internet Explorer IE 11. For more information please visit the IE blog. We have also published an update on the status of the changes we have made to our Azure offerings in response to the SSL 3.0 vulnerability. For more...

6.7AI score
Exploits0
MSRC
MSRC
added 2014/10/21 7:0 a.m.8 views

Security Advisory 3010060 released

Today, we released Security Advisory 3010060to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains a...

7.6AI score
Exploits0
MSRC
MSRC
added 2014/07/08 7:0 a.m.8 views

July 2014 Security Bulletin Release

Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defens...

7AI score
Exploits0
MSRC
MSRC
added 2014/07/03 7:0 a.m.8 views

Advance Notification Service for the July 2014 Security Bulletin Release

Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer. This month we will also premier the new format for...

7AI score
Exploits0
MSRC
MSRC
added 2014/03/24 7:0 a.m.8 views

Microsoft Releases Security Advisory 2953095

Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Te...

7.5AI score
Exploits0
MSRC
MSRC
added 2014/03/12 7:0 a.m.8 views

When ASLR makes the difference

We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation ASLR in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. ...

6.9AI score
Exploits0
MSRC
MSRC
added 2014/03/06 8:0 a.m.8 views

Advance Notification Service for the March 2014 Security Bulletin Release

Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/12/10 8:0 a.m.8 views

Omphaloskepsis and the December 2013 Security Update Release

There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/12/10 8:0 a.m.8 views

MS13-098: Update to enhance the security of Authenticode

Today we released MS13-098, a security update that strengthens the Authenticode code-signing technology against attempts to modify a signed binary without invalidating the signature. This update addresses a specific instance of malicious binary modification that could allow a modified binary to...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/12/09 8:0 a.m.8 views

MS13-106: Farewell to another ASLR bypass

Today we released MS13-106 which resolves a security feature bypass that can allow attackers to circumvent Address Space Layout Randomization ASLR using a specific DLL library HXDS.DLL provided as part of Microsoft Office 2007 and 2010. The existence of an ASLR bypass does not directly enable the...

7.2AI score
Exploits0
MSRC
MSRC
added 2013/12/06 8:0 a.m.8 views

BlueHat v13 is Coming

This week, starting Thursday, we’ll be hosting our 13th edition of BlueHat. I’m always so impressed with the level of knowledge we attract to each BlueHat, and while the event is invite-only, we’ll be sharing glimpses into the event via this blog and the hashtag BlueHat. For each of the past six...

7AI score
Exploits0
MSRC
MSRC
added 2013/11/27 8:0 a.m.8 views

Microsoft Releases Security Advisory 2914486

Today we released Security Advisory 2914486 regarding a local elevation of privilege EoP issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program MAPP found this...

7.7AI score
Exploits0
MSRC
MSRC
added 2013/10/14 7:0 a.m.8 views

10 years of Update Tuesdays

On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear a...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/10/01 7:0 a.m.8 views

Software Defense: mitigating stack corruption vulnerabilties

Introduction One of the oldest forms of memory safety exploitation is that of stack corruption vulnerabilities, with several early high-profile exploits being of this type. It seems fitting therefore to kick off this Software Defense series by looking at the status of software defense today with...

7.4AI score
Exploits0
MSRC
MSRC
added 2013/09/13 7:0 a.m.8 views

September 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server MS13-067. We received multiple Office related questions that were very similar in nature, so the questions have been...

7.2AI score
Exploits0
MSRC
MSRC
added 2013/09/10 7:0 a.m.8 views

MS13-068: A difficult-to-exploit double free in Outlook

MS13-068 addresses a memory corruption vulnerability accessible by simply previewing a message in the Outlook Preview Pane. As such, we’ve rated this security vulnerability as Critical and we encourage customers to deploy the security update. However, in this case, we believe this particular...

7.4AI score
Exploits0
MSRC
MSRC
added 2013/08/13 7:0 a.m.8 views

Leaving Las Vegas and the August 2013 security updates

Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each year is the...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/08/12 7:0 a.m.8 views

Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063

Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/07/31 7:0 a.m.8 views

Are you prepared for the BlueHat Challenge?

Today we are kicking off a new challenge so you can showcase your security prowess and, if we can, help you build some more. Our BlueHat Challenge is a series of computer security questions, which increase in difficulty as you progress. Only the rare and talented engineer will be able to finish t...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/07/24 7:0 a.m.8 views

Preparing for Live Pwnage: Mitigation Bypass Bounty Machine Specs for Black Hat

With about one week to go before we all gather at Black Hat in Las Vegas, we’re getting inquiries about precisely how the promised Live Mitigation Bypass Bounty judging at Black Hat will work. For most of the world, it works best when you get a good spot at the Microsoft booth 301 around noon eac...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/06/19 7:0 a.m.8 views

Announcing the Microsoft Bounty Programs

Over the years, weve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now were taking it ev...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/06/17 7:0 a.m.8 views

Microsoft is sponsoring the Cyber Security Challenge UK

The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down and computer defenses are improved, exploit activity has actually increased...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/06/11 7:0 a.m.8 views

Assessing risk for the June 2013 security updates

Today we released five security bulletins addressing 23 CVE’s. One bulletin has a maximum severity rating of Critical, and four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin...

6.9AI score
Exploits0
MSRC
MSRC
added 2026/04/22 12:0 a.m.7 views

From first report to MVR: Harun’s path in cloud security research

Harun’s relationship with technology began early, driven by curiosity rather than obligation. While still in high school, he taught himself Pascal and C simply because he wanted to understand how things worked. Those languages never became central to his professional career, but they shaped how h...

5.7AI score
Exploits0
MSRC
MSRC
added 2025/10/16 12:0 a.m.7 views

Congratulations to the top MSRC 2025 Q3 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7AI score
Exploits0
MSRC
MSRC
added 2025/07/31 7:0 a.m.7 views

.NET Bounty Program now offers up to $40,000 in awards

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...

7.5AI score
Exploits0
MSRC
MSRC
added 2024/07/11 7:0 a.m.7 views

Announcing the CVRF API 3.0 upgrade

At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting CVRF API. This update...

7.3AI score
Exploits0
MSRC
MSRC
added 2022/11/29 8:0 a.m.7 views

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng Thai Red Bull Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies Present & Past: Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/09/20 7:0 a.m.7 views

Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit SDK that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and services th...

7.3AI score
Exploits0
MSRC
MSRC
added 2022/09/07 7:0 a.m.7 views

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...

6.9AI score
Exploits0
MSRC
MSRC
added 2022/09/01 7:0 a.m.7 views

Azure Synapse Spark で修正された脆弱性について

本ブログは、Vulnerability Fixed in Azure Synapse Spark の抄訳版です。最新の情報は原文を参照してください。 概...

1.3AI score
Exploits0
MSRC
MSRC
added 2022/09/01 7:0 a.m.7 views

Vulnerability Fixed in Azure Synapse Spark

Summary Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where cybersecurity...

7.2AI score
Exploits0
Total number of security vulnerabilities1366