Security Research & Defense

Subscribe to Security Research & Defense feed Security Research & Defense
Updated: 10 hours 28 min ago

2019 年 8 月のセキュリティ更新プログラム (月例)

Tue, 08/13/2019 - 19:05
2019 年 8 月 14 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。
Categories: Security News

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Tue, 08/13/2019 - 13:07
Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. The affected …

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) Read More »

Categories: Security News

August 2019 Security Updates

Tue, 08/13/2019 - 13:05
We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

August 2019 Security Updates Read More »

Categories: Security News

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)

Thu, 08/08/2019 - 23:45
Today Microsoft announced the MAPP program Top Vulnerability Contributors, Top Threat Indicator Submitters, and Top Zero-Day Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. While all MAPP partners have made a significant …

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP) Read More »

Categories: Security News

Announcing 2019 MSRC Most Valuable Security Researchers

Wed, 08/07/2019 - 14:30
Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing the Microsoft’s customers and the broader ecosystem. For over a decade, one of Microsoft’s partners in vulnerability …

Announcing 2019 MSRC Most Valuable Security Researchers Read More »

Categories: Security News

Corporate IoT – a path to intrusion

Mon, 08/05/2019 - 12:27
Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large …

Corporate IoT – a path to intrusion Read More »

Categories: Security News

Azure Security Lab: a new space for Azure research and collaboration

Mon, 08/05/2019 - 12:05
Azure is exceptionally secure.  To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000.  But we aren’t stopping there.   To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst …

Azure Security Lab: a new space for Azure research and collaboration Read More »

Categories: Security News

Recognizing Security Researchers in 2019

Tue, 07/30/2019 - 17:29
Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there. How do we define the Most Valuable Security Researchers?   The list at Black Hat will be the top tier of researchers based on not just the volume …

Recognizing Security Researchers in 2019 Read More »

Categories: Security News

Meet the MSRC at Black Hat 2019

Mon, 07/29/2019 - 19:58
We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog. Wednesday, August 7 …

Meet the MSRC at Black Hat 2019 Read More »

Categories: Security News

It’s Official – The Way We Recognize Our Security Researchers

Mon, 07/29/2019 - 15:34
We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping to protect the ecosystem. That’s not changing; we’re continuing to expand our bounty …

It’s Official – The Way We Recognize Our Security Researchers Read More »

Categories: Security News

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)

Thu, 07/25/2019 - 17:51
Today we announce the top organizational candidates for Vulnerability Top Contributors, Threat Indicator Top Submitters, and Zero-Day Top Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. This bi-directional sharing program of threat …

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP) Read More »

Categories: Security News

Why Rust for safe systems programming

Mon, 07/22/2019 - 15:19
In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represents the best alternative to C …

Why Rust for safe systems programming Read More »

Categories: Security News

We Need a Safer Systems Programming Language

Thu, 07/18/2019 - 15:57
In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a decade. We feel that using memory-safe languages will mitigate this …

We Need a Safer Systems Programming Language Read More »

Categories: Security News

Announcing the Microsoft Dynamics 365 Bounty program

Wed, 07/17/2019 - 16:49
One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of the Dynamics 365 Bounty program and welcome researchers to seek out and disclose any high impact vulnerabilities they may find in Dynamics 365. Rewards up to …

Announcing the Microsoft Dynamics 365 Bounty program Read More »

Categories: Security News

A proactive approach to more secure code

Tue, 07/16/2019 - 16:49
What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and …

A proactive approach to more secure code Read More »

Categories: Security News

2019 年 7 月のセキュリティ更新プログラム (月例)

Tue, 07/09/2019 - 19:46
2019 年 7 月 10 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。
Categories: Security News

July 2019 Security Update Release

Tue, 07/09/2019 - 13:00
We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.
Categories: Security News

日本セキュリティチーム ブログ移行のお知らせ

Tue, 07/09/2019 - 00:18
日本セキュリティチーム ブログが、新しいプラットフォームに移行してアドレスが変更になりました。旧アドレス (https://blogs.technet.microsoft.com/jpsecurity/) をブラウザのお気に入りに登録や、RSS フィードの登録等で利用されている方は、お手数ですが、新たなアドレス (https://aka.ms/jpsecurity) へ変更をお願いします。
Categories: Security News

Inside the MSRC – Building your own security incident response process

Mon, 07/01/2019 - 20:05
This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s (MSRC) Software and Services Incident Response Plan (SSIRP). Our previous posts discussed how Microsoft protects customers against elevated threats and the anatomy of a SSIRP incident. In …

Inside the MSRC – Building your own security incident response process Read More »

Categories: Security News

Inside the MSRC – Anatomy of a SSIRP incident

Thu, 06/27/2019 - 13:08
This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan (SSIRP).   In our last blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft takes a holistic …

Inside the MSRC – Anatomy of a SSIRP incident Read More »

Categories: Security News

Pages