Microsoft Support & Discussions

For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture. Continue reading...

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch them simultaneously, otherwise we bear the risk of these being exploited in the wild. In this post, I’d like to explain the automation we use in variant finding. For the past year or so, we’ve been augmenting our manual code review processes with Semmle, a third-party static analysis environment. It compiles code to a relational database (the snapshot database – a combination of…

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team Continue reading...

In January 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of a new speculative execution side channel vulnerability known as L1 Terminal Fault (L1TF) which has been assigned CVE-2018-3615 (for SGX), CVE-2018-3620 (for operating systems and SMM), and CVE-2018-3646 (for virtualization). Continue reading...

This morning we are excited to unveil the security researcher leaderboard at the Black Hat Security Conference. This list recognizes the top security researchers who have contributed research to the Microsoft products and services. If you are curious on how we build the list, check out our blog from last week on The Making of the Top 100 Researcher List. Continue reading...

Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat v18. Continue reading...

At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center (MSRC). We appreciate all the partnership and coordination that goes on throughout the year. Continue reading...

We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our fourth quarter. Continue reading...

Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions. Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Continue reading...

Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard (CFG) from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background Mitigation Bypass Bounty Background Microsoft started the Mitigation Bypass Bounty in 2013 with the goal of helping us improve key defense-in-depth mitigation technologies by learning about bypasses. Continue reading...

Updated September 10, 2018 The Servicing Criteria for Windows has transitioned to an official document and can be found at the link below. Microsoft thanks the members of the research community who provided feedback on the draft copy. Microsoft Security Servicing Criteria for Windows Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team Continue reading...

In January, 2018, Microsoft published an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (SSB) which has been assigned CVE-2018-3639. Continue reading...

2018 年 5 月 9 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team Continue reading...

We are back! Microsoft is excited to announce the next installment of the BlueHat Security Conference – BlueHat v18. We will be holding the event at Microsoft’s headquarter campus September 25-27, 2018. This year we are adding the option for workshops and networking on the first day prior to the content beginning. Continue reading...

The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make significant investment in the security of Hyper-V and the powerful security features that it enables, such as Virtualization-Based Security (VBS). Continue reading...

Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our third quarter (January-March 2018). Continue reading...

本記事は、Microsoft Secure のブログ “How artificial intelligence stopped an Emotet outbreak” (2018 年 2 月 14 日 米国時間公開) Continue reading...

本記事は、Microsoft Secure のブログ “Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign” (2018 年 Continue reading...

2018 年 4 月 11 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide. Continue reading...

本記事は、Security Research & Defense のブログ “Triaging a DLL planting vulnerability” (2018 年 4 月 Continue reading...

DLL planting (aka binary planting/hijacking/preloading) resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues. It is well known that when an application loads a DLL without specifying a fully qualified path, Windows attempts to locate the DLL by searching a well-defined set of directories in an order known as DLL search order. Continue reading...