Security Research & Defense

Subscribe to Security Research & Defense feed Security Research & Defense
Updated: 13 hours 4 min ago

Customer Guidance for the Dopplepaymer Ransomware

Wed, 11/20/2019 - 18:43

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the …

Customer Guidance for the Dopplepaymer Ransomware Read More »

The post Customer Guidance for the Dopplepaymer Ransomware appeared first on Microsoft Security Response Center.

Categories: Security News

BlueHat Seattle videos are online!

Wed, 11/13/2019 - 13:20

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone. We are also happy …

BlueHat Seattle videos are online! Read More »

The post BlueHat Seattle videos are online! appeared first on Microsoft Security Response Center.

Categories: Security News

November 2019 security updates are available!

Tue, 11/12/2019 - 13:09

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

November 2019 security updates are available! Read More »

The post November 2019 security updates are available! appeared first on Microsoft Security Response Center.

Categories: Security News

Using Rust in Windows

Thu, 11/07/2019 - 11:11

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with …

Using Rust in Windows Read More »

The post Using Rust in Windows appeared first on Microsoft Security Response Center.

Categories: Security News

Vulnerability hunting with Semmle QL: DOM XSS

Wed, 11/06/2019 - 15:12

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­ the …

Vulnerability hunting with Semmle QL: DOM XSS Read More »

The post Vulnerability hunting with Semmle QL: DOM XSS appeared first on Microsoft Security Response Center.

Categories: Security News

Time for day 2 of briefings at BlueHat Seattle!

Fri, 10/25/2019 - 11:33

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to …

Time for day 2 of briefings at BlueHat Seattle! Read More »

The post Time for day 2 of briefings at BlueHat Seattle! appeared first on Microsoft Security Response Center.

Categories: Security News

Welcome to the second stage of BlueHat!

Thu, 10/24/2019 - 11:47

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast (we have doughnuts! and bacon! and cereal!) when the doors open …

Welcome to the second stage of BlueHat! Read More »

The post Welcome to the second stage of BlueHat! appeared first on Microsoft Security Response Center.

Categories: Security News

Microsoft Identity Bounty Improvements

Wed, 10/23/2019 - 15:00

Sharing the latest updates to the Microsoft Identity Bounty Program

The post Microsoft Identity Bounty Improvements appeared first on Microsoft Security Response Center.

Categories: Security News

Introducing the ElectionGuard Bounty program

Fri, 10/18/2019 - 12:00

Announcing the new ElectionGuard Bounty program

The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center.

Categories: Security News

Announcing the Security Researcher Quarterly Leaderboard

Thu, 10/17/2019 - 13:32

Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an annual report, we are excited to announce the MSRC Q3 2019 Security Researcher Leaderboard, …

Announcing the Security Researcher Quarterly Leaderboard Read More »

The post Announcing the Security Researcher Quarterly Leaderboard appeared first on Microsoft Security Response Center.

Categories: Security News

An intern’s experience with Rust

Wed, 10/16/2019 - 17:26

Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical network processing agent into Rust to eliminate …

An intern’s experience with Rust Read More »

The post An intern’s experience with Rust appeared first on Microsoft Security Response Center.

Categories: Security News

Designing a COM library for Rust

Tue, 10/08/2019 - 13:00

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language (SSPL) group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog post describes the project that I have been working on under …

Designing a COM library for Rust Read More »

The post Designing a COM library for Rust appeared first on Microsoft Security Response Center.

Categories: Security News

October 2019 security updates are available!

Tue, 10/08/2019 - 12:58

We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

October 2019 security updates are available! Read More »

The post October 2019 security updates are available! appeared first on Microsoft Security Response Center.

Categories: Security News

[AD管理者向け] 2020 年 LDAP 署名と LDAP チャネルバインディングが有効化。確認を!

Wed, 10/02/2019 - 19:59

マイクロソフトでは、2020 年初頭に、Active Directory ドメイン環境内の LDAP 通信の安全性を向上するために、LDAP 署名、およびLDAP チャネルバインディング (LDAPS 利用時)を既定で有効化します。

The post [AD管理者向け] 2020 年 LDAP 署名と LDAP チャネルバインディングが有効化。確認を! appeared first on Microsoft Security Response Center.

Categories: Security News

Building the Azure IoT Edge Security Daemon in Rust

Mon, 09/30/2019 - 12:45

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as the implementation programming …

Building the Azure IoT Edge Security Daemon in Rust Read More »

The post Building the Azure IoT Edge Security Daemon in Rust appeared first on Microsoft Security Response Center.

Categories: Security News

MSRC is going to ROOTCON!

Mon, 09/23/2019 - 14:48

The Microsoft Security Response Center (MSRC) works with partners all over the world to protect Microsoft customers. This week we’re headed to the Philippines to meet security researchers and bounty hunters at ROOTCON 13! Planning on attending ROOTCON? If you want to learn more about how you can earn rewards for reporting vulnerabilities to Microsoft …

MSRC is going to ROOTCON! Read More »

The post MSRC is going to ROOTCON! appeared first on Microsoft Security Response Center.

Categories: Security News

Meet the BlueHat Content Advisory Board

Wed, 09/18/2019 - 18:54

We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their industry and speaker experience to create the BlueHat agenda that’s the right mix of topics and perspectives. We really appreciate the time these people take …

Meet the BlueHat Content Advisory Board Read More »

The post Meet the BlueHat Content Advisory Board appeared first on Microsoft Security Response Center.

Categories: Security News

Calling all breakers & builders: BlueHat Seattle registration is open!

Mon, 09/16/2019 - 17:00

Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register.   Wait, isn’t BlueHat invitation-only? It is…but if we haven’t sent you an invitation, we encourage you to request a seat. Visit our registration site and tell us a little bit about yourself. We’re reviewing all application requests and will send a confirmation if you are selected.   The BlueHat conference team is creating an engaging two-day agenda to provide a …

Calling all breakers & builders: BlueHat Seattle registration is open! Read More »

The post Calling all breakers & builders: BlueHat Seattle registration is open! appeared first on Microsoft Security Response Center.

Categories: Security News

Attacking the VM Worker Process

Wed, 09/11/2019 - 14:50

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. We then published “Fuzzing para-virtualized devices in Hyper-V”, which …

Attacking the VM Worker Process Read More »

The post Attacking the VM Worker Process appeared first on Microsoft Security Response Center.

Categories: Security News

2019 年 9 月のセキュリティ更新プログラム (月例)

Tue, 09/10/2019 - 19:34

2019 年 9 月 11 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

The post 2019 年 9 月のセキュリティ更新プログラム (月例) appeared first on Microsoft Security Response Center.

Categories: Security News

Pages