Microsoft Support & Discussions

2017 年 8 月 9 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide. Continue reading...

Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft. Continue reading...

本記事は、Microsoft Security Response Center のブログ “Announcing the Windows Bounty Program” (2017 年 7 月 26 日 米 Continue reading...

2017 年 7 月 28 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを定例外で公 Continue reading...

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard to harden our systems and we continue adding defenses such as Windows Defender Application Guard to significantly increase protection to harden entry points while ensuring the customer experience is seamless. Continue reading...

Introduction Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on the exploit named EnglishmansDentist designed to target Exchange Server 2003. Continue reading...

Introduction Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly interesting because many of the exploitation steps are purely packet-based, as opposed to local shellcode execution. Continue reading...

こんにちは、垣内由梨香です データを暗号化し安全にやり取りを行う Transport Layer Security (TLS)。TLS は利用しているが、詳細なバージョンまでは把握してない、そんな方も多いのではないでしょうか？暗号プロトコルは「使ってさえいれば安全」ではありません。現在の脅威に対応できるバージョンのみを利用しリスクを下げることが重要です。 マイクロソフトでは、より安全な TLS 1.2 へ移行していくことを推奨しています。 ** [2020/9/7 追記] 各製品、サービスにおける TLS 1.0/1.1 の廃止予定については、次の情報を参考にしてください。 TLS 1.0 and 1.1 deprecation TLS 1.0 and 1.1 deprecation Continue reading...

2017 年 7 月 12 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. Continue reading...

本記事は、MMPC のブログ “Windows 10 platform resilience against the Petya ransomware attack” (2017 年 6 月 29 日 米国時間公開) の一 Continue reading...

Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the latest mitigations in Windows 10 break the exploit as-written. Continue reading...

本記事は、Microsoft Security Response Center のブログ “Update on Petya malware attacks” (2017 年 6 月 28 日 米国時間公 Continue reading...

As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release signatures to detect and protect against the malware. Continue reading...

本記事は、Microsoft Security Response Center のブログ “Extending the Microsoft Edge Bounty Program” (2017 年 6 月 21 日 米 Continue reading...

本記事は、 Microsoft Malware Protection Center のブログ “Antivirus evolved” (2017 年 5 月 8 日 米国時間公開) を翻訳したも Continue reading...

Over the past ten months we have paid out over $200,000 USD in bounties. This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers. Keeping in line with our philosophy of protecting customers and proactively partnering with researchers, today we are changing the Edge on Windows Insider Preview (WIP) bounty program from a time bound to a sustained bounty program. Continue reading...

Is this thing still on? It’s been a while since we’ve posted to this blog and we think it’s time to start posting deep technical content about Security Research & Defense (SRD) again. For readers who are new or may have forgotten, this blog is the home of the MSRC Vulnerabilities & Mitigations engineering team. Continue reading...

2017 年 6 月 14 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし Continue reading...

Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are new, and some are for older platforms under custom support agreements, that we are making publicly available today. Continue reading...

Calling security professionals and enthusiasts throughout the world. Microsoft is pleased to open the Call for Papers for our BlueHat v17 Security Conference. Potential speakers have from June 1st through August 18th to submit abstract proposals for this unique opportunity. As in past events, we are looking for individuals to challenge the thinking and actions we do in security as well as join the community discussion on the current threat landscape that is impacting our customers. Continue reading...

本記事は、Microsoft Digital Crimes Unit の Courtney Gregoire による投稿 “The fight against tech support scams” (2017 年 5 月 18 日 米国時間公開) を翻訳したも Continue reading...

Over the past 10 months, we’ve paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today we’re extending the end date of the Edge on Windows Insider Preview (WIP) bounty program to June 30, 2017. Continue reading...

** Microsoft solution available to protect additional products ** Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. Continue reading...