Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

クラウドサービスにおけるセキュリティ更新のアナトミー

本ブログは、Anatomy of a Cloud-Service Security Update の抄訳版です。最新の情報は原文を参照してください。 世界中のマイク...

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

Congratulations to the Top MSRC 2022 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2 Security Researcher Leaderboard are: Yuki Chen...

Congratulations to the Top MSRC 2022 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2 Security Researcher Leaderboard are: Yuki Chen...

Congratulations to the Top MSRC 2022 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2 Security Researcher Leaderboard are: Yuki Chen...

Azure Storage SDK でのクライアントサイド暗号化におけるパディング オラクル の脆弱性を軽減

本ブログは、Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability の抄訳版です。最新の情報は原文を参照してください。...

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary: Google informed Microsoft under Coordinated Vulnerability Disclosure CVD of a padding oracle vulnerability that may affect customers using Azure Storage SDK for Python, .NET, Java client-side encryption CVE-2022-30187. To mitigate this vulnerability, we released a new General Availabilit...

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary Summary Google informed Microsoft under Coordinated Vulnerability Disclosure CVD of a padding oracle vulnerability that may affect customers using Azure Storage SDK for Python, .NET, Java client-side encryption CVE-2022-30187. To mitigate this vulnerability, we released a new General...

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary Google informed Microsoft under Coordinated Vulnerability Disclosure CVD of a padding oracle vulnerability that may affect customers using Azure Storage SDK for Python, .NET, Java client-side encryption CVE-2022-30187. To mitigate this vulnerability, we released a new General Availability...

All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...

All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...

All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 ton...

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary: Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in the lates...

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in th...

2022 年 7 月のセキュリティ更新プログラム (月例)

2022 年 7 月 12 日（米国時間）、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in the latest...

Azure Site Recovery の脆弱性を軽減

本ブログは、Microsoft Mitigates Azure Site Recovery Vulnerabilities の抄訳版です。最新の情報は原文を参照してください。 概要 概要 マ...

Service Fabric におけるLinux 上のコンテナ化されたワークロードからの特権昇格について

本ブログは、 Service Fabric Privilege Escalation from Containerized Workloads on Linux の抄訳版です。最新の情報は原文を参照してください。 協調的な脆弱性の公開...

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Under Coordinated Vulnerability Disclosure CVD, cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric SF Linux clusters CVE-2022-30137. The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control...

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Under Coordinated Vulnerability Disclosure CVD, cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric SF Linux clusters CVE-2022-30137. The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control...

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Under Coordinated Vulnerability Disclosure CVD, cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric SF Linux clusters CVE-2022-30137. The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control...

A Man of Action: Meet Callum Carney

Hidden Talents: He was a competitive swimmer for many years. Instrument of Choice: His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life: The Office, World War Z, The Matrix, Breaking Bad, The Thick of It. Favorite non-profit:...

A Man of Action: Meet Callum Carney

Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix, Breaking Bad, The Thick of It...

A Man of Action: Meet Callum Carney

Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix, Breaking Bad, The Thick of It...

2022 年 6 月のセキュリティ更新プログラム (月例)

2022 年 6 月 14 日（米国時間）、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows...

CVE-2022-30190 マイクロソフト サポート診断ツールの脆弱性に関するガイダンス

本ブログは Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability の抄訳版です。最新の情報は原文を参照してください。 2022 年 7 月 12 日更新 : マイク...

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows...

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows...

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side when he is working late. Origin of his Hacker name:...

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

セキュリティ更新プログラムのアナトミー

本ブログは、Anatomy of a Security Update の抄訳版です。最新の情報は原文を参照してください。 マイクロソフト セ...

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...

2022 年 5 月のセキュリティ更新プログラム (月例)

2022 年 5 月 10 日（米国時間）、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity ODBC driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime...

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity ODBC driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime...