Microsoft Security Response Center Blog Alerts

Subscribe to Microsoft Security Response Center Blog Alerts hírcsatorna Microsoft Security Response Center Blog Alerts
Frissítve: 1 óra 3 perc
2019. szeptember 16.

Calling all breakers & builders: BlueHat Seattle registration is open!

Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register.   Wait, isn’t BlueHat invitation-only? It is…but if we haven’t sent you an invitation, we encourage you to request a seat. Visit our registration site and tell us a little bit about yourself. We’re reviewing all application requests and will send a confirmation if you are selected.   The BlueHat conference team is creating an engaging two-day agenda to provide a …

Calling all breakers & builders: BlueHat Seattle registration is open! Read More »

The post Calling all breakers & builders: BlueHat Seattle registration is open! appeared first on Microsoft Security Response Center.

2019. szeptember 11.

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. We then published “Fuzzing para-virtualized devices in Hyper-V”, which …

Attacking the VM Worker Process Read More »

The post Attacking the VM Worker Process appeared first on Microsoft Security Response Center.

2019. szeptember 11.

2019 年 9 月のセキュリティ更新プログラム (月例)

2019 年 9 月 11 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

The post 2019 年 9 月のセキュリティ更新プログラム (月例) appeared first on Microsoft Security Response Center.

2019. szeptember 10.

September 2019 Security Updates

We have released the September security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

September 2019 Security Updates Read More »

The post September 2019 Security Updates appeared first on Microsoft Security Response Center.

2019. szeptember 4.

BlueHat Seattle 2019 Call for Papers is Now Open!

2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle!  2 days of hands-on technical training (October 22-23, 2019)  2 days of conference talks from industry-leading security researchers and cyber defenders (October 24-25, 2019)  great creative spaces ready …

BlueHat Seattle 2019 Call for Papers is Now Open! Read More »

2019. szeptember 3.

Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be distributed to multiple regions, allowing you to deploy this …

Acquiring a VHD to Investigate Read More »

2019. augusztus 30.

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to the cloud and show one solution to overcome these challenges, using …

Scalable infrastructure for investigations and incident response Read More »

2019. augusztus 20.

Announcing the Microsoft Edge Insider Bounty

This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next version of Microsoft Edge, based on …

Announcing the Microsoft Edge Insider Bounty Read More »

2019. augusztus 14.

2019 年 8 月のセキュリティ更新プログラム (月例)

2019 年 8 月 14 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。
2019. augusztus 13.

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. The affected …

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) Read More »

2019. augusztus 13.

August 2019 Security Updates

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

August 2019 Security Updates Read More »

2019. augusztus 9.

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)

Today Microsoft announced the MAPP program Top Vulnerability Contributors, Top Threat Indicator Submitters, and Top Zero-Day Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. While all MAPP partners have made a significant …

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP) Read More »

2019. augusztus 7.

Announcing 2019 MSRC Most Valuable Security Researchers

Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing the Microsoft’s customers and the broader ecosystem. For over a decade, one of Microsoft’s partners in vulnerability …

Announcing 2019 MSRC Most Valuable Security Researchers Read More »

2019. augusztus 5.

Corporate IoT – a path to intrusion

Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large …

Corporate IoT – a path to intrusion Read More »

2019. augusztus 5.

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure.  To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000.  But we aren’t stopping there.   To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst …

Azure Security Lab: a new space for Azure research and collaboration Read More »

2019. július 30.

Recognizing Security Researchers in 2019

Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there. How do we define the Most Valuable Security Researchers?   The list at Black Hat will be the top tier of researchers based on not just the volume …

Recognizing Security Researchers in 2019 Read More »

2019. július 30.

Meet the MSRC at Black Hat 2019

We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog. Wednesday, August 7 …

Meet the MSRC at Black Hat 2019 Read More »

2019. július 29.

It’s Official – The Way We Recognize Our Security Researchers

We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping to protect the ecosystem. That’s not changing; we’re continuing to expand our bounty …

It’s Official – The Way We Recognize Our Security Researchers Read More »

2019. július 25.

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)

Today we announce the top organizational candidates for Vulnerability Top Contributors, Threat Indicator Top Submitters, and Zero-Day Top Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. This bi-directional sharing program of threat …

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP) Read More »

2019. július 22.

Why Rust for safe systems programming

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represents the best alternative to C …

Why Rust for safe systems programming Read More »