Congratulations to the Top MSRC 2022 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zha...

Investigation Regarding Misconfigured Microsoft Storage Location

October 28, 2022 update:Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data correspondin...

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

Summary Microsoft was recently made aware of a Cross-Site Scripting XSS vulnerability CVE-2022-35829, that under limited circumstances, affects older versions of Service Fabric Explorer SFX. The current default SFX web client SFXv2 is not vulnerable to this attack. However, customers can manually...

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

Summary Summary Microsoft was recently made aware of a Cross-Site Scripting XSS vulnerability CVE-2022-35829, that under limited circumstances, affects older versions of Service Fabric Explorer SFX. The current default SFX web client SFXv2 is not vulnerable to this attack. However, customers can...

潜在的な Service Fabric Explorer (SFX) v1 Web クライアント リスクに関する認識とガイダンス

本ブログは、Awareness and guidance related to potential Service Fabric Explorer SFX v1 web client riskの抄訳版です。最新の情報は原文を参照し...

Microsoft Storage Location における構成の誤りに関する調査

本ブログは、Investigation Regarding Misconfigured Microsoft Storage Locationの抄訳版です。最新の情報は原文を参照し...

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

Summary Microsoft was recently made aware of a Cross-Site Scripting XSS vulnerability CVE-2022-35829, that under limited circumstances, affects older versions of Service Fabric Explorer SFX. The current default SFX web client SFXv2 is not vulnerable to this attack. However, customers can manually...

Investigation Regarding Misconfigured Microsoft Storage Location

October 28, 2022 update: Added a Customer FAQ section. Summary Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data...

Investigation Regarding Misconfigured Microsoft Storage Location

October 28, 2022 update: Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data correspondi...

セキュリティ更新プログラムの通知・配信の改善 – 新しい配信方法について

本ブログは、Improvements in Security Update Notifications Delivery – And a New Delivery Method の抄訳版です。最新の情報は原文を参照してく...

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...

BlueHat 2023 Call for Papers is Now Open!

For nearly 20 years, BlueHat has been where the security research community, and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce...

BlueHat 2023 Call for Papers is Now Open!

For nearly 20 years, BlueHat has been where the security research community, and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce...

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies ...

BlueHat 2023 Call for Papers is Now Open!

For nearly 20 years, BlueHat has been where the security research community, and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce...

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...

Improvements in Security Update Notifications Delivery – And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide SUG. A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements...

Improvements in Security Update Notifications Delivery - And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide SUG. A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements...

Improvements in Security Update Notifications Delivery - And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide SUG. A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements...

2022 年 10 月 のセキュリティ更新プログラム (月例)

2022 年 10 月 11 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For mor...

Microsoft Exchange サーバーのゼロデイ脆弱性報告に関するお客様向けガイダンス

本ブログは、Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Serverの抄訳版です。最新の情報は原文を参照してくだ...

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For mor...

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For mor...

Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit SDK that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and services th...

Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance

Summary Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit SDK that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and...

Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit SDK that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and services th...

Azure Identity SDK と Azure Key Vault SDKに関する多層防御のためのアップデートとベストプラクティスの実装ガイダンス

本ブログは、Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance の抄訳版です。最新の情報は...

2022 年 9 月のセキュリティ更新プログラム (月例)

2022 年 9 月 13 日 米国時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

好奇心旺盛、革新的、創造的、コミュニティ主導型:Cyb3rWard0g、ロベルトロドリケスに会う

本ブログは、Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez の抄訳版です。最新の情報は原文を参照してください。 大きく...

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles: Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then...

What’s the smallest variety of CHERI?

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest...

What’s the smallest variety of CHERI?

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest...

What’s the smallest variety of CHERI?

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest...

Vulnerability Fixed in Azure Synapse Spark

Summary: Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where cybersecurit...

Vulnerability Fixed in Azure Synapse Spark

Summary Summary Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where...

Vulnerability Fixed in Azure Synapse Spark

Summary Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where cybersecurity...

Azure Synapse Spark で修正された脆弱性について

本ブログは、Vulnerability Fixed in Azure Synapse Spark の抄訳版です。最新の情報は原文を参照してください。 概...

1年間のバグ報奨金プログラム レビュー: 報奨金 $13.7M

本ブログは、Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards の抄訳版です。最新の情報は原文を参照してください。 Microsoft...

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the...

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the...

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the...

Microsoft Office、2022年8月からシンボルを公開

本ブログは、Microsoft Office to publish symbols starting August 2022 の抄訳版です。最新の情報は原文を参照してください。 Microsoft Office が...

セキュリティ更新プログラム ガイドの通知システム : 今すぐプロファイルを作成しましょう

本ブログは、Security Update Guide Notification System News: Create your profile now の抄訳版です。最新の情報は原文を参照してください。 セキ...

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...

2022 年 8 月のセキュリティ更新プログラム (月例)

2022 年 8 月 9 日（米国時間）、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...