Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
Summary Summary Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP)...
2023 年 3 月のセキュリティ更新プログラム (月例)
2023 年 3 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
マイクロソフトは Outlook の 特権昇格の脆弱性を緩和します
本ブログは、Microsoft Mitigates Outlook Elevation of Privilege Vulnerability の抄訳版です。最新の情報は原文を参照してください。 Microsoft Threat Intelligence は
Azure Kubernetes Service (AKS) Threat Hunting
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads...
Configuring host-level audit logging for AKS VMSS
This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd.
Warning The information provided below is...
First steps in CHERIoT Security Research
First steps in CHERIoT Security Research First steps in CHERIoT Security Research At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written...
2023 年 2 月のセキュリティ更新プログラム (月例)
2023 年 2 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
新しい MSRCのブログサイト
2023 年 2 月 9 日 (米国時間) から MSRC のブログサイトが新しくなりました。 2023 年 2 月 9 日 (米国時間) 以降は https://msrc.microsoft.com/blog をご
New MSRC Blog Site
We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content.
In addition to the new URL, we have...
BlueHat 2023: Connecting the security research community with Microsoft
We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and...
Microsoft の調査 – 検証済みの発行者確認を悪用する脅威アクターの同意フィッシング キャンペーンについて
本ブログは、Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process の抄訳版です。最新の情報は原文を参照してくださ
サイバーセキュリティ月間 2023
政府では、サイバーセキュリティに関する普及啓発強化のため、2 月 1 日から 3 月 18 日までを 「サイバーセキュ
Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process
Summary Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor...
Congratulations to the Top MSRC 2022 Q4 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers.
The top three researchers of the 2022 Q4 Security Researcher Leaderboard are:...
Microsoft は、Azure クラウド サービスにおける 4 つの SSRF の脆弱性を解決しました。
本ブログは、Microsoft resolves four SSRF vulnerabilities in Azure cloud services の抄訳版です。最新の情報は原文を参照してください。 概要