Microsoft Security Center Center News

Subscribe to Microsoft Security Center Center News feed
Recent content on Microsoft Security Response Center
Updated: 54 min 16 sec ago

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Wed, 05/17/2023 - 07:00
Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.
Categories: Microsoft

2023 年 5 月のセキュリティ更新プログラム (月例)

Tue, 05/09/2023 - 07:00
2023 年 5 月 9 日 (米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
Categories: Microsoft

CVE-2023-24932 に関連するセキュア ブート マネージャーの変更に関するガイダンス

Tue, 05/09/2023 - 07:00
本ブログは、Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 の抄訳版です。最新の情報は原文を参照してください。 概要
Categories: Microsoft

Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

Tue, 05/09/2023 - 07:00
Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.
Categories: Microsoft

マイクロソフトのオンラインサービスにおける、脆弱性の深刻度分類の公開

Tue, 04/18/2023 - 07:00
本ブログは、Microsoft Vulnerability Severity Classification for Online Services Publication の抄訳版です。最新の情報は原文を参照してください。 マイク
Categories: Microsoft

Microsoft Vulnerability Severity Classification for Online Services Publication

Tue, 04/18/2023 - 07:00
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.
Categories: Microsoft

Congratulations to the Top MSRC 2023 Q1 Security Researchers!

Thu, 04/13/2023 - 07:00
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of researchers recognized this quarter here.
Categories: Microsoft

2023 年 4 月のセキュリティ更新プログラム (月例)

Tue, 04/11/2023 - 07:00
2023 年 4 月 11 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
Categories: Microsoft

Azure Storage Keys、Azure Functions、Azure Role Based Access に関するベスト プラクティス

Tue, 04/11/2023 - 07:00
本ブログは、Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access の抄訳版です。最新の情報は原文を参照してください。 概要 概
Categories: Microsoft

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Tue, 04/11/2023 - 07:00
Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.
Categories: Microsoft

Azure ADを使用するマルチテナント アプリケーションの承認に関する構成ミスの可能性に関するガイダンス

Thu, 03/30/2023 - 07:00
本ブログは、Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD の抄訳版です。最新の情報は原文を参照してください
Categories: Microsoft

Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

Wed, 03/29/2023 - 07:00
Summary Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.
Categories: Microsoft

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

Tue, 03/14/2023 - 13:00
Summary Summary Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.
Categories: Microsoft

2023 年 3 月のセキュリティ更新プログラム (月例)

Tue, 03/14/2023 - 07:00
2023 年 3 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
Categories: Microsoft

マイクロソフトは Outlook の 特権昇格の脆弱性を緩和します

Tue, 03/14/2023 - 07:00
本ブログは、Microsoft Mitigates Outlook Elevation of Privilege Vulnerability の抄訳版です。最新の情報は原文を参照してください。 Microsoft Threat Intelligence は
Categories: Microsoft

Azure Kubernetes Service (AKS) Threat Hunting

Wed, 03/01/2023 - 00:00
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.
Categories: Microsoft

Configuring host-level audit logging for AKS VMSS

Wed, 03/01/2023 - 00:00
This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future.
Categories: Microsoft

First steps in CHERIoT Security Research

Tue, 02/28/2023 - 00:00
First steps in CHERIoT Security Research First steps in CHERIoT Security Research At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important.
Categories: Microsoft