Msrc - Page 24 of Msrc Vulnerabilities List

MSRC•added 2016/12/13 12:0 a.m.•7 views

December 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

3.3AI score

MSRC•added 2016/11/24 12:0 a.m.•17 views

SHA-1 ウェブサーバー証明書は警告！ウェブサイト管理者は影響の最終確認を

こんにちは、村木ゆりかです。以前よりマイクロソフトセキュリティアドバイザリ 2880823、そして、このブログでもご案内しているとおり、証明書に利用されているハッシュアルゴリズム SHA-1 の安全性の低下に伴い、利用廃止が進められています。マイクロソフトでは、2017 年 2 月 14 日米国時間 2017 年中旬 2017 日 5 月 9 日米国時間より、SHA-1 の TLS サーバー証明書を利用するウェブサイトを、Microsoft Edge および Internet Explorer 11...

0.6AI score

MSRC•added 2016/11/08 8:0 a.m.•5 views

Furthering our commitment to security updates

Microsoft is committed to delivering comprehensive security updates to our customers. Information about the security updates we release are currently made available on the Microsoft Security Bulletin website. However, our customers have asked for better access to update information, as well as...

MSRC•added 2016/11/08 8:0 a.m.•10 views

November 2016 security update release

MSRC•added 2016/11/03 7:0 a.m.•7 views

Moving Beyond EMET

EMET – Then and Now Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit EMET. Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the tim...

7.3AI score

MSRC•added 2016/11/01 7:0 a.m.•5 views

BlueHat v16 Keynote announced

Microsoft is excited to announce David Kennedy, CEO of TrustedSec and Binary Defense Systems, as the BlueHat v16 keynote speaker. David is a well-known speaker from the community, a published author, and the founder of the DerbyCon Security Conference. His keynote, entitled “The Security Monty...

MSRC•added 2016/10/11 7:0 a.m.•8 views

October 2016 security update release

MSRC•added 2016/09/28 7:0 a.m.•10 views

BlueHat IL 2017 Announced

Microsoft is thrilled to announce BlueHat IL 2017. This will mark the first time BlueHat is held in Tel Aviv and it will take place on January 24-25, 2017. Given its location, Israel further serves as a harness which draws in researchers from across Europe, Asia and the Middle East...

MSRC•added 2016/09/28 7:0 a.m.•7 views

Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms

On August 4, 2016 we launched a bounty program that targets Remote Code Execution RCE vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow WIP slow. Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioriti...

7.5AI score

MSRC•added 2016/09/28 7:0 a.m.•10 views

Security Engineering Evolution in Office 2016 for Mac

Security is a critical component in all our products at Microsoft. An emphasis on strong security starts at the beginning of all our work, including threat modelling as part of the design process and the consideration of Apple’s own security recommendations for our products on Apple’s platforms. ...

MSRC•added 2016/09/13 7:0 a.m.•6 views

September 2016 security update release

MSRC•added 2016/09/01 7:0 a.m.•10 views

Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty

It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1,...

MSRC•added 2016/09/01 7:0 a.m.•6 views

BlueHat v16 Schedule Announced

Over the summer we had overwhelming response to our BlueHat v16 call for papers. We would like to give a special thanks to all who submitted papers for consideration. The range of content and quality of content was exceptional. So with that, today we are happy to announce our schedule for the...

MSRC•added 2016/08/09 7:0 a.m.•7 views

August 2016 security update release

MSRC•added 2016/08/04 7:0 a.m.•5 views

Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty

I’m very happy to announce another addition to the Microsoft Bounty Programs. Microsoft will be hosting a bounty for Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds. This bounty continues our partnership with the security research community in working to...

7.5AI score

MSRC•added 2016/07/12 7:0 a.m.•8 views

July 2016 security update release

MSRC•added 2016/06/14 7:0 a.m.•6 views

June 2016 security update release

MSRC•added 2016/06/07 7:0 a.m.•8 views

Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty

Today I have another exciting expansion of the Microsoft Bounty Program. Please visit https://aka.ms/BugBounty to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Cor...

MSRC•added 2016/06/01 7:0 a.m.•8 views

BlueHat v16 Announced

Microsoft is pleased to announce our sixteenth BlueHat Security Conference set for November 3-4, 2016 at the Microsoft Conference Center here in Redmond. BlueHat is a unique opportunity for Microsoft engineers and the security community to come together learn about the current threat landscape an...

MSRC•added 2016/05/10 7:0 a.m.•12 views

May 2016 security update release

MSRC•added 2016/04/29 7:0 a.m.•12 views

Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty

Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...

MSRC•added 2016/04/29 7:0 a.m.•8 views

Changes to Security Update Links

Updates have historically been published on both the Microsoft Download Center and the Microsoft Update Catalog and Security Bulletins linked directly to update packages on the Microsoft Download Center. Some updates will no longer be available from the Microsoft Download Center. Security bulleti...

MSRC•added 2016/04/12 7:0 a.m.•5 views

April 2016 Security Update Release

MSRC•added 2016/03/17 7:0 a.m.•6 views

Microsoft Bounty Programs Announce Expansion - Bounty for Microsoft OneDrive

At Microsoft, we continue to add new properties to our security bug bounty programs to help keep our customer’s secure. Today, I’m pleased to announce the addition of Microsoft OneDrive to the Microsoft Online Services Bug Bounty Program. This addition further incentivizes security researchers to...

MSRC•added 2016/03/09 8:0 a.m.•7 views

March 2016 Security Update Release

MSRC•added 2016/02/09 8:0 a.m.•6 views

February 2016 Security Update Release Summary

MSRC•added 2016/02/02 8:0 a.m.•7 views

Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available

The Enhanced Mitigation Experience Toolkit EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, terminating, blocking, or otherwise invalidating the most...

MSRC•added 2016/01/12 8:0 a.m.•12 views

January 2016 Security Update Release Summary

MSRC•added 2016/01/12 8:0 a.m.•7 views

Triaging the exploitability of IE/EDGE crashes

Introduction Both Internet Explorer IE and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the...

7.4AI score

MSRC•added 2015/12/08 8:0 a.m.•10 views

December 2015 Security Update Release Summary

MSRC•added 2015/11/18 8:0 a.m.•8 views

BlueHat v15 Announces Schedule and Registration

As we inch closer to the 15th BlueHat Security Conference, we are happy to announce the lineup of speakers and topics for this event. This year will continue with a solid speaker and topic selection that engage engineers, executives, and invited guests to discuss and tackle some of the hardest...

MSRC•added 2015/11/10 8:0 a.m.•10 views

November 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

MSRC•added 2015/10/20 7:0 a.m.•10 views

Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty

Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta whic...

MSRC•added 2015/10/20 7:0 a.m.•5 views

EMET: To be, or not to be, A Server-Based Protection Mechanism

Hi Folks – Platforms PFE Dan Cuomo here to discuss a common question seen in the field: “My customer is deploying EMET and would like to know if it is supported on Server Operating Systems.” On the surface there is a simple answer to this question, however with a little poking, a little prodding,...

MSRC•added 2015/10/15 7:0 a.m.•10 views

Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available

Enhanced Mitigation Experience Toolkit EMET version 5.5 Beta is now available The Enhanced Mitigation Experience Toolkit EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by...

MSRC•added 2015/10/14 7:0 a.m.•8 views

Announcing BlueHat v15 Conference

We are happy to announce the 15th version of the Microsoft BlueHat Security Conference set for January 12-13, 2016. The annual security conference brings internal and external speakers to educate and engage Microsoft’s engineering community and their executives. Work is under way currently to set...

MSRC•added 2015/10/13 7:0 a.m.•8 views

October 2015 Security Update Release Summary

MSRC•added 2015/09/08 7:0 a.m.•7 views

What makes a good Microsoft Defense Bounty submission?

One of Microsoft’s longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. These solutions generally have a broad and long lasting impact on software security...

7.1AI score

MSRC•added 2015/09/08 7:0 a.m.•7 views

September 2015 Security Update Release Summary

MSRC•added 2015/08/18 7:0 a.m.•6 views

Security Update Solution Further Protects Customer Devices

On Tuesday, August 18, 2015, Microsoft released a security update solution to address a vulnerability. The update is for all supported versions of Internet Explorer. We recommend customers to apply this update as soon as possible by following the directions on the TechNet.com/Security website, in...

6.6AI score

MSRC•added 2015/08/11 7:0 a.m.•8 views

August 2015 Security Update Release Summary

MSRC•added 2015/08/11 7:0 a.m.•31 views

Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick

Introduction Today Microsoft released update MS15-085 to address CVE-2015-1769, an important severity security issue in Mount Manager. It affects both client and server versions, from Windows Vista to Windows 10. The goal of this blog post is to provide information on the detection guidance to he...

7.2CVSS6.1AI score0.57398EPSS

Exploits1

MSRC•added 2015/08/05 7:0 a.m.•9 views

Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp

I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit https://aka.ms/BugBounty. We are raising the Bounty for Defense maximum from $50,000 USD...

MSRC•added 2015/07/20 7:0 a.m.•8 views

Out-of-band release for Security Bulletin MS15-078

Today, we released a security bulletin to provide an update for Microsoft Windows. Customers who have automatic updates enabled or apply the update, will be protected. We recommend customers apply the update as soon as possible, following the directions in the security bulletin. More information...

MSRC•added 2015/07/14 7:0 a.m.•7 views

July 2015 Security Updates

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit...

7.2AI score

MSRC•added 2015/06/10 7:0 a.m.•9 views

Advances in Scripting Security and Protection in Windows 10 and PowerShell V5

In the last several releases of Windows, we’ve been working hard to make the platform much more powerful for administrators, developers, and power users alike. PowerShell is an incredibly useful and powerful language for managing Windows domains. Unfortunately, attackers can take advantage of the...

MSRC•added 2015/06/09 7:0 a.m.•7 views

June 2015 Updates

Today, as part of Update Tuesday, we released 8 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are...

MSRC•added 2015/05/12 7:0 a.m.•9 views

May 2015 Updates

Today, as part of Update Tuesday, we released 13 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the Exploitability Index XI, visit the Microsoft Bulletin Summary webpage. If you are n...

MSRC•added 2015/04/22 7:0 a.m.•11 views

Microsoft Bounty Programs Expansion – Azure and Project Spartan

Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...

7.2AI score