1366 matches found
BlueHat Shanghai 2019 Call for Papers is Now Open!
We know security experts with diverse skills and experiences are found around the world. This year, the BlueHat Security Conference is coming to Shanghai! BlueHat Shanghai 2019 will take place on May 29-30 at W Shanghai - The Bund. We want to provide a venue for security researchers to come...
January 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
2018 年 10 月のセキュリティ更新プログラム (月例)
2018 年 10 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
[セキュリティ基本対策 5 か条] 第 3 条 アカウントやパスワードを管理する
注: この内容は一般の方を対象とした記述にしています。 今日はセキュリティ基本対策 5 か条の第 3 条「アカウ...
Behind BlueHat: The Art
We are just one day away from the opening of BlueHat v18 and excitement is building. One of the questions that I have gotten more frequently the past couple years is about the artwork we use for BlueHat. So yes there is a theme. 😊 Starting in 2014, we introduced the Top Hat logo which the communi...
Behind BlueHat: The Art
We are just one day away from the opening of BlueHat v18 and excitement is building. One of the questions that I have gotten more frequently the past couple years is about the artwork we use for BlueHat. So yes there is a theme. 😊 Starting in 2014, we introduced the Top Hat logo which the communi...
August 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
The Making of the Top 100 Researcher List
At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center MSRC. We appreciate all the partnership and coordinati...
July 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Draft of Microsoft Security Servicing Commitments for Windows
Updated September 10, 2018 The Servicing Criteria for Windows has transitioned to an official document and can be found at the link below. Microsoft thanks the members of the research community who provided feedback on the draft copy. Microsoft Security Servicing Criteria for Windows...
Mitigating speculative execution side channel hardware vulnerabilities
On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...
Petya や WannaCrypt などのラピッド サイバー攻撃を緩和する方法
本記事は、Microsoft Secure ブログ “How to mitigate rapid cyberattacks such as Petya and WannaCrypt” 2018 年 2 月 21 日 米国時...
アップグレードの重要性: 2017 年のランサムウェア拡散時に高い効果を証明した Windows 10 の次世代型セキュリティ
本記事は、Microsoft Secure ブログ “A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017” 2018 年 1 月 10 日 米国時間公開...
Windows Defender Application Control の紹介
本記事は、Windows Security のブログ “Introducing Windows Defender Application Control” 2017 年 10 月 23 日 米国時間...
Windows Defender ATP の機械学習と Antimalware Scan Interface: スクリプトを悪用した「環境寄生型」攻撃の検出
本記事は、Microsoft Secure のブログ “Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’”...
2017 年 12 月のセキュリティ更新プログラム (月例)
2017 年 12 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
December 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
重要なポイントでランサムウェアを阻止: コントロールされたフォルダー アクセス機能でデータを保護する
本記事は、Windows Security のブログ “Stopping ransomware where it counts: Protecting your data with Controlled folder access” 2017 年 10 月 23 日 米...
2017 年 11 月のセキュリティ更新プログラム (月例)
================================================================= 2017 年 11 月 23 日追記 11 月の Windows の月例セキュリティ更新プログラムを適用後に以下の問題が発生することを確認し...
October 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
2017 年 9 月のセキュリティ更新プログラム (月例)
2017 年 9 月 13 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Outlook の脆弱性を修正するセキュリティ更新プログラムを定例外で公開
2017 年 7 月 28 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを定例外で公...
Eternal Synergy Exploit Analysis
Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly...
Update on Petya malware attacks
As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investiga...
May 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
April 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...
マイクロソフト報奨金プログラムの拡張 – Windows 用の Office Insider ビルドに関する報奨金プログラム
本記事は、Microsoft Security Response Center のブログ “Announcing the new Bug Bounty Program for Office Insider Builds on Windows”...
March 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also...
Office 365 のセキュリティ研究者の皆さまへ: 2017 年 3 月 ~ 5 月は報奨金が 2 倍になります
本記事は、Microsoft Security Response Center のブログ “Office 365 security researchers: Double your bounties March-May 2017” 2017 年 3 月 1 日 米国時間...
Office 365 security researchers: Double your bounties March-May 2017
Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a...
January 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
December 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
September 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
June 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
March 2016 Security Update Release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates can be found in the Security TechNet Library...
February 2016 Security Update Release Summary
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available
The Enhanced Mitigation Experience Toolkit EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, terminating, blocking, or otherwise invalidating the most...
Triaging the exploitability of IE/EDGE crashes
Introduction Both Internet Explorer IE and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the...
Security Bulletin MS14-068 released
Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions of Windows Server and includes a defense-in-depth update for all supported versions of Windows. We strongly encourage...
Assessing Risk for the November 2014 Security Updates
Today we released fourteen security bulletins addressing 33 unique CVE’s. Four bulletins have a maximum severity rating of Critical, eight have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. This table is designed to help you prioritize the deployment ...
August 2014 Security Updates
Today, as part of Update Tuesday, we released nine securityupdates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures CVEs in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer IE. We encourage you to apply all of these updates, but...
General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0
Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit EMET 5.0. EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might u...
Driving a Collectively Stronger Security Community with Microsoft Interflow
Today, Microsoft is pleased to announce the private preview of Microsoft Interflow, a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and securit...
Microsoft releases Security Advisory 2974294
Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a...
Theoretical Thinking and the June 2014 Bulletin Release
As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing for...
MS14-025: An Update for Group Policy Preferences
Today, we released an update to address a vulnerability in Group Policy Preferences MS14-025. Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...
The April 2014 Security Updates
T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates. Today, we release four bulletins to address 11 CVEs in...
Advance Notification Service for the January 2014 Security Bulletin Release
Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described i...
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the December 2013 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin MS13-096, Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a ne...
Assessing risk for the December 2013 security updates
Today we released eleven security bulletins addressing 24 CVE’s. Five bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...