Saturday, July 20, 2019

We Need a Safer Systems Programming Language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities...

Announcing the Microsoft Dynamics 365 Bounty program

One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of the Dynamics 365 Bounty program and welcome researchers to seek...

A proactive approach to more secure code

What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as...

2019 年 7 月のセキュリティ更新プログラム (月例)

2019 年 7 月 10 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

July 2019 Security Update Release

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security...

日本セキュリティチーム ブログ移行のお知らせ

日本セキュリティチーム ブログが、新しいプラットフォームに移行してアドレスが変更になりました。旧アドレス ( をブラウザのお気に入りに登録や、RSS フィードの登録等で利用されている方は、お手数ですが、新たなアドレス ( へ変更をお願いします。

Inside the MSRC – Building your own security incident response process

This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s (MSRC) Software and Services Incident Response Plan (SSIRP). Our previous posts...

Inside the MSRC – Anatomy of a SSIRP incident

This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan (SSIRP).   In our last blog post, we looked at...

Inside the MSRC – Customer-centric incident response

The Microsoft Security Response Center (MSRC) is an integral part of Microsoft’s Cyber Defense Operations Center (CDOC) that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with...

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Azure customers running VMs with Exim 4.92 are not...

2019 年 6 月のセキュリティ更新プログラム (月例)

2019 年 6 月 12 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

June 2019 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.    More information about this month’s security updates can be found on the Security Update Guide.  

BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world

Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of...

A Reminder to Update Your Systems to Prevent a Worm

On May 14, Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. In our previous blog post on this...

Microsoft Launches a New Recognition Program for MAPP Partners

There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.