MSRC: most viewed

1366 matches found

MSRC
added 2021/11/11 10:47 p.m., 17 views

BlueHat is Back!

After a short hiatus, BlueHat is coming back with a vengeance! And we’ve got big plans for the entire researcher community. But first, I must apologize. It’s been a while since you have heard from us. We didn’t have BlueHat 2020 or 2021, and we know that was disappointing. It was partly due to th...

AI score: 6.9
Exploits: 0

MSRC
added 2021/08/09 7:00 a.m., 17 views

Keep Your Family Safe with Microsoft Family Safety

A settings guide for PCs and tablets used at home. While talking over safe ways to use PCs and tablets at home, ...

AI score: 0.2
Exploits: 0

MSRC
added 2019/04/09 7:00 a.m., 17 views

April 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Securi...

AI score: 6.7
Exploits: 0

MSRC
added 2019/01/08 8:00 a.m., 17 views

January 2019 Security Updates (Monthly)

Updated 2019/01/16: the Team Foundation Server vulnerabilities CVE-2019-0646/CVE-2019-0647, newly released out of band, ...

CVSS: 4, AI score: 0.9, EPSS: 0.04611
Exploits: 0

MSRC
added 2018/04/09 7:00 a.m., 17 views

Triaging a DLL Planting Vulnerability

This article, the Security Research & Defense blog post “Triaging a DLL planting vulnerability” of April 2018...

AI score: 1.6
Exploits: 0

MSRC
added 2017/07/20 7:00 a.m., 17 views

EnglishmansDentist Exploit Analysis

Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on t...

AI score: 3.4
Exploits: 0

MSRC
added 2026/02/13 12:00 a.m., 16 views

Submit your research: BlueHat 2026 Call for Papers is open

The next BlueHat Conference will take place May 5 - 6, 2026, on Microsoft’s Redmond campus in Washington State, USA. The Call for Papers (CFP) is now open and closes February 28, 2026...

AI score: 5.5
Exploits: 0

MSRC
added 2024/10/23 7:00 a.m., 16 views

Congratulations to the Top MSRC 2024 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q3 Security Researcher Leaderboard are wkai,...

AI score: 7.2
Exploits: 0

MSRC
added 2023/08/04 7:00 a.m., 16 views

Microsoft mitigates Power Platform Custom Code information disclosure vulnerability

Summary On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all...

AI score: 7.5
Exploits: 0

MSRC
added 2023/06/08 7:00 a.m., 16 views

Hey Yara, find some vulnerabilities

Intro Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, and we use tools to help us identify patterns or vulnerability signatures. Yara is one of those tools. Yara is a very popular tool with Blue teams, malware...

AI score: 7.4
Exploits: 0

MSRC
added 2023/05/17 7:00 a.m., 16 views

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference session recordings available to watch here. Since 2005, BlueHat has been where the security research community, an...

AI score: 6.9
Exploits: 0

MSRC
added 2023/01/06 8:00 a.m., 16 views

Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure’s cloud and edge products and services and i...

AI score: 1.4
Exploits: 0

MSRC
added 2022/10/31 4:50 p.m., 16 views

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...

AI score: 2.8
Exploits: 0

MSRC
added 2022/10/24 7:00 a.m., 16 views

Congratulations to the Top MSRC 2022 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zha...

AI score: 6.8
Exploits: 0

MSRC
added 2022/09/01 7:00 a.m., 16 views

Vulnerability Fixed in Azure Synapse Spark

Summary Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where...

AI score: 2.8
Exploits: 0

MSRC
added 2022/08/08 7:00 a.m., 16 views

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...

AI score: 7
Exploits: 0

MSRC
added 2022/04/21 7:00 a.m., 16 views

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

AI score: 0.8
Exploits: 0

MSRC
added 2022/04/05 7:00 a.m., 16 views

Randomizing the KUSER_SHARED_DATA Structure on Windows

Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increase the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations including kernel stacks, pools, system PTEs etc. are randomized. A...

AI score: 3.6
Exploits: 0

MSRC
added 2022/03/30 6:22 p.m., 16 views

Randomizing the KUSER_SHARED_DATA Structure on Windows

Oops, this post exists, but was actually published 4/5/2022. We’re navigating you to the correct page now. If that doesn’t work, click the link below: Randomizing the KUSER_SHARED_DATA Structure on Windows – Microsoft Security Response Center...

AI score: 1.7
Exploits: 0

MSRC
added 2021/10/18 7:00 a.m., 16 views

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...

AI score: 0.3
Exploits: 0

MSRC
added 2020/02/02 8:00 a.m., 16 views

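[Cybersecurity Month 2020] Announcement: Release of Information Useful for Security Management, for IT Administrators

To strengthen cybersecurity outreach and awareness, the Japanese government designates February 1 through March 18 as “Cybersecuri...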

AI score: 0.3
Exploits: 0

MSRC
added 2019/12/10 8:00 a.m., 16 views

December 2019 Security Updates (Monthly)

On December 11, 2019 (Japan time), Microsoft released security updates for the following software...

AI score: 0.3
Exploits: 0

MSRC
added 2019/03/13 7:00 a.m., 16 views

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...

AI score: 2.1
Exploits: 0

MSRC
added 2019/01/28 8:00 a.m., 16 views

Fuzzing para-virtualized devices in Hyper-V

Introduction Hyper-V is the backbone of Azure, running on its Hosts to provide efficient and fair sharing of resources, but also isolation. That’s why we, in the vulnerability research team for Windows, have been working in the background for years now helping secure Hyper-V. And why Microsoft...

AI score: 7.6
Exploits: 0

MSRC
added 2018/10/16 7:00 a.m., 16 views

TLS 1.0 and 1.1 Connections to Be Disabled in IE and Edge in 2020. Please Check!

Hello, this is Yurika Kakiuchi. At Microsoft, we are ending the use of Transport Layer Security (TLS) 1.0 and 1.1, and more secure...

AI score: 1
Exploits: 0

MSRC
added 2018/08/08 7:00 a.m., 16 views

Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition

This morning we are excited to unveil the security researcher leaderboard at the Black Hat Security Conference. This list recognizes the top security researchers who have contributed research to the Microsoft products and services. If you are curious on how we build the list, check out our blog...

AI score: 1.7
Exploits: 0

MSRC
added 2024/02/29 8:00 a.m., 15 views

Faye’s Journey: From Security PM to Diversity Advocate at Microsoft

Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that deployed to desktops and handled operations for Office’s...

AI score: 7.3
Exploits: 0

MSRC
added 2024/02/20 8:00 a.m., 15 views

An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft

Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his...

AI score: 7.3
Exploits: 0

MSRC
added 2024/02/15 8:00 a.m., 15 views

New Security Advisory Tab Added to the Microsoft Security Update Guide

Today, we are adding a new Security Advisory tab to the Security Update Guide to meet our customers’ needs for a unified and authoritative source for the latest public information about Microsoft security updates and issues. We are continuously listening to feedback from users of the Security...

AI score: 7
Exploits: 0

MSRC
added 2023/10/10 7:00 a.m., 15 views

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an...

CVSS: 7.5, AI score: 7.6, EPSS: 0.99999
Exploits: 19

MSRC
added 2023/07/20 7:00 a.m., 15 views

Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends acros...

AI score: 7.2
Exploits: 0

MSRC
added 2023/06/16 7:00 a.m., 15 views

Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks

Summary Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. Thes...

AI score: 7.2
Exploits: 0

MSRC
added 2023/06/13 7:00 a.m., 15 views

June 2023 Security Updates (Monthly)

On June 13, 2023 (US time), to fix vulnerabilities affecting Microsoft products, Microsoft ...

AI score: 7.1
Exploits: 0

MSRC
added 2023/04/18 7:00 a.m., 15 views

Microsoft Vulnerability Severity Classification for Online Services Publication

The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provi...

AI score: 6.8
Exploits: 0

MSRC
added 2023/04/13 7:00 a.m., 15 views

Congratulations to the Top MSRC 2023 Q1 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu...

AI score: 7.2
Exploits: 0

MSRC
added 2023/01/31 8:00 a.m., 15 views

Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process

Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP), formerly known as Microsoft Partner Network (MPN). The actor used fraudule...

AI score: 2.6
Exploits: 0

MSRC
added 2023/01/31 8:00 a.m., 15 views

Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process

Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP), formerly known as Microsoft Partner Network (MPN). The actor used fraudulent partn...

AI score: 7.1
Exploits: 0

MSRC
added 2023/01/17 8:00 a.m., 15 views

Microsoft resolves four SSRF vulnerabilities in Azure cloud services

Summary Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins) reported by Orca Security. These SSRF vulnerabilities were determined to be low risk as they do...

AI score: 7.2
Exploits: 0

MSRC
added 2023/01/09 8:00 a.m., 15 views

Security Update Guide Improvement – Representing Hotpatch Updates

This blog is an abridged translation of Security Update Guide Improvement – Representing Hotpatch Updates. For the latest information, please refer to the original...

AI score: 0.9
Exploits: 0

MSRC
added 2022/07/28 7:00 a.m., 15 views

Anatomy of a Cloud-Service Security Update

This blog is an abridged translation of Anatomy of a Cloud-Service Security Update. For the latest information, please refer to the original. Around the world, ...

AI score: 1.3
Exploits: 0

MSRC
added 2022/07/13 2:35 p.m., 15 views

All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...

AI score: 1.8
Exploits: 0

MSRC
added 2022/04/14 7:00 a.m., 15 views

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potentia...

AI score: 7.2
Exploits: 0

MSRC
added 2022/04/12 7:00 a.m., 15 views

April 2022 Security Updates (Monthly)

On April 12, 2022 (US time), to fix vulnerabilities affecting Microsoft products, Microsoft ...

AI score: 0.3
Exploits: 0

MSRC
added 2021/08/05 7:00 a.m., 15 views

Recognizing the 2021 MSRC Most Valuable Security Researchers

This article is an abridged Japanese translation of “Congratulations to the MSRC 2021 Most Valuable Security Researchers!”. MSRC...

AI score: 2.4
Exploits: 0

MSRC
added 2021/07/19 7:00 a.m., 15 views

Introducing Bounty Awards for Teams Mobile Applications Security Research

We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile...

AI score: 1.3
Exploits: 0

MSRC
added 2021/02/18 8:00 a.m., 15 views

Microsoft Internal Solorigate Investigation - Final Update

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidenc...

AI score: 2.3
Exploits: 0

MSRC
added 2021/01/11 8:00 a.m., 15 views

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: the InitAll mitigation, which zeros most stack variables; switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 APIs which zero memor...

AI score: 4.4
Exploits: 0

MSRC
added 2020/08/17 7:00 a.m., 15 views

Control Flow Guard for Clang/LLVM and Rust

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to...

AI score: 1.8
Exploits: 0

MSRC
added 2020/05/13 7:00 a.m., 15 views

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background; Potential Solutions to Uninitialize...

AI score: 3.9
Exploits: 0

MSRC
added 2019/11/06 8:00 a.m., 15 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts (part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...

AI score: 1.3
Exploits: 0

Total number of security vulnerabilities: 1366