December 2019 security updates are available
We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security...
Customer Guidance for the Dopplepaymer Ransomware
Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have...
BlueHat Seattle videos are online!
Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the...
November 2019 security updates are available!
We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security...
Using Rust in Windows
This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in...
Vulnerability hunting with Semmle QL: DOM XSS
In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this...
Time for day 2 of briefings at BlueHat Seattle!
We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state...
Welcome to the second stage of BlueHat!
We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down....
Microsoft Identity Bounty Improvements
Sharing the latest updates to the Microsoft Identity Bounty Program
The post Microsoft Identity Bounty Improvements appeared first on Microsoft Security Response Center.
Introducing the ElectionGuard Bounty program
Announcing the new ElectionGuard Bounty program
The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center.
Announcing the Security Researcher Quarterly Leaderboard
Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with...
An intern’s experience with Rust
Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this...
Designing a COM library for Rust
I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language (SSPL) group, which explores safe programming languages as a proactive measure against...
October 2019 security updates are available!
We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security...
[AD管理者向け] 2020 年 LDAP 署名と LDAP チャネルバインディングが有効化。確認を!
マイクロソフトでは、2020 年初頭に、Active Directory ドメイン環境内の LDAP 通信の安全性を向上するために、LDAP 署名、およびLDAP チャネルバインディング (LDAPS 利用時)を既定で有効化します。
The post 2020 年 LDAP 署名と LDAP チャネルバインディングが有効化。確認を! appeared first on Microsoft Security Response Center.
Pensacola confirms ransomware attack
Pensacola
officials confirmed that an ongoing
cyberattack that began early Saturday morning is a ransomware attack.
While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...
Trickbot Operators Now Selling Attack Tools to APT Actors
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
The Great $50M African IP Address Heist
A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...
Intel Issues Fix for ‘Plundervolt’ SGX Flaw
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
How to stop spam calls right now
Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.
