1365 matches found
Expanding the Microsoft Researcher Recognition Program
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...
Expanding the Microsoft Researcher Recognition Program
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...
Congratulations to the Top MSRC 2021 Q4 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q4 Security Researcher Leaderboard are: rezer0dai...
Expanding the Microsoft Researcher Recognition Program
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...
Congratulations to the Top MSRC 2021 Q4 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q4 Security Researcher Leaderboard are: rezer0dai...
An Armful of CHERIs
Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing...
An Armful of CHERIs
Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing...
An Armful of CHERIs
Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing...
Coming Soon: New Security Update Guide Notification System
Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are...
2022 年 1 月のセキュリティ更新プログラム (月例)
2022 年 1 月 11 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
Coming Soon: New Security Update Guide Notification System
Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are...
Coming Soon: New Security Update Guide Notification System
Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are...
Azure App Service Linux source repository exposure
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...
Azure App Service Linux source repository exposure
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...
Azure App Service Linux source repository exposure
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities
"When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming: The Expanse and Lost in Space on Netflix Currently listening to: Amorphis, Architects, and Killswitch Engage Currently running: 130 kilometers or 80 miles a month Currently playing:...
[IT 管理者むけ] Active Directoryのセキュリティ強化への対応をご確認ください
2021 年 11 月以降のセキュリティ更新プログラムには、脆弱性を解決するために、Active Directory における 4 件のセ...
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities
"When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming : The Expanse and Lost in Space on Netflix Currently listening to : Amorphis, Architects, and Killswitch Engage Currently running : 130 kilometers or 80 miles a month Currently playing :...
2021 年 12 月のセキュリティ更新プログラム (月例)
2021 年 12 月 14 日(米国時間)に、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セ...
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities
"When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming : The Expanse and Lost in Space on Netflix Currently listening to : Amorphis, Architects, and Killswitch Engage Currently running : 130 kilometers or 80 miles a month Currently playing :...
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outsid...
CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応
本ブログは、Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 の抄訳版です。最新の情報は、元記事を参照してください。...
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of the...
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Published on: 2021 Dec 11, updated 2021 Dec 18. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j a logging tool used in many Java-based applications disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of th...
セキュリティ更新プログラム リリース スケジュール (2022 年)
2022 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentials property of an Azure Active Directory Azure AD Application and/or Service Principal, and prevent reading of private key data...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...
アプリケーションおよびサービス プリンシパル API での Azure Active Directory (AD) keyCredential プロパティの情報漏えいに関するガイダンス
本ブログは、“Guidance for Azure Active Directory AD keyCredential property Information Disclosure in Application and Service Principal APIs” の抄訳版です。最新の情報は、原本...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...
BlueHat is Back!
After a short hiatus, BlueHat is coming back with a vengeance! And we’ve got big plans for the entire researcher community. But first, I must apologize. It’s been a while since you have heard from us. We didn’t have BlueHat 2020 or 2021, and we know that was disappointing. It was partly due to th...
BlueHat is Back!
After a short hiatus, BlueHat is coming back with a vengeance! And we’ve got big plans for the entire researcher community. But first, I must apologize. It’s been a while since you have heard from us. We didn’t have BlueHat 2020 or 2021, and we know that was disappointing. It was partly due to th...
BlueHat is Back!
After a short hiatus, BlueHat is coming back with a vengeance! And we’ve got big plans for the entire researcher community. But first, I must apologize. It’s been a while since you have heard from us. We didn’t have BlueHat 2020 or 2021, and we know that was disappointing. It was partly due to th...
2021 年 11 月のセキュリティ更新プログラム (月例)
2021 年 11 月 10 日 日本時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
We’re Excited to Announce the Launch of Comms Hub!
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...
We’re Excited to Announce the Launch of Comms Hub!
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...
We’re Excited to Announce the Launch of Comms Hub!
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...
Microsoft のバグハンティング:脆弱性発見者へのインタビューとMSRCについて ~ CODE BLUE Open Talkより
より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに...
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 8...
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope ...
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope ...
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope ...
2021 年 10 月のセキュリティ更新プログラム (月例)
2021 年 10 月 13 日 日本時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
セキュリティイベント CODE BLUE でお会いしましょう
より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに...
Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions
Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege EoP vulnerabilities and one unauthenticated Remote Code Execution RCE vulnerability in the Open Management...
Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions
Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege EoP vulnerabilities and one unauthenticated Remote Code Execution RCE vulnerability in the Open Management...