Microsoft Support & Discussions

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represents the best alternative to C … Why Rust for safe systems programming Read More » Continue reading...

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a decade. We feel that using memory-safe languages will mitigate this … We Need a Safer Systems Programming Language Read More » Continue reading...

One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of the Dynamics 365 Bounty program and welcome researchers to seek out and disclose any high impact vulnerabilities they may find in Dynamics 365. Rewards up to … Announcing the Microsoft Dynamics 365 Bounty program Read More » Continue reading...

What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and … A proactive approach to more secure code Read More » Continue reading...

2019 年 7 月 10 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。 Continue reading...

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. Continue reading...

日本セキュリティチーム ブログが、新しいプラットフォームに移行してアドレスが変更になりました。旧アドレス (日本のセキュリティチーム – (Japan Security Team)) をブラウザのお気に入りに登録や、RSS フィードの登録等で利用されている方は、お手数ですが、新たなアドレス (Japan Security Team – Microsoft Security Response Center) へ変更をお願いします。 Continue reading...

This blog post was authored by Jeff Woolsey, Principal PM Manager, Windows Server. This month, SQL Server 2008 and 2008 R2 reached their end of support. On January 14, 2020, Windows Server 2008 and 2008 R2 will also reach their end of support. These important dates provide an opportunity for businesses outside of the obvious deadline, and were here to help. Here is a list of resources to help you get ready: For the latest information about your options, visit the Windows Server 2008/R2 end of support site to learn about upgrading on-premises, migrating to Azure, or taking advantage of Extended Security Updates for your server environment. Download the Migration Gu…

This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s (MSRC) Software and Services Incident Response Plan (SSIRP). Our previous posts discussed how Microsoft protects customers against elevated threats and the anatomy of a SSIRP incident. In … Inside the MSRC – Building your own security incident response process Read More » Continue reading...

This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan (SSIRP). In our last blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft takes a holistic … Inside the MSRC – Anatomy of a SSIRP incident Read More » Continue reading...

The Microsoft Security Response Center (MSRC) is an integral part of Microsoft’s Cyber Defense Operations Center (CDOC) that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24×7, the CDOC has direct access to thousands of security professionals, data scientists, and … Inside the MSRC – Customer-centric incident response Read More » Continue reading...

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS instances running a vulnerable version of Exim are affected.  Azure customers running VMs with Exim 4.92 are not … Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149) Read More » Continue reading...

2019 年 6 月 12 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。 Continue reading...

The Microsoft Security Response Center (MSRC) works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our “Time Travel Debugging” (TTD) tool publicly available … Time travel debugging: It’s a blast! (from the past) Read More » Continue reading...

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Azure customers running VMs with Exim 4.92 are not affected by this vulnerability. Azure has controls in place to help limit the spread of this worm from work we’ve already done to combat SPAM, but customers using the vulnerable software would still be susceptible to infection. Customers using Azure virtual machines (VMs) are responsible for updating the operating systems running on their VMs. As this vulnerability is being actively exploited by worm activity, …

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Continue reading...