2023

Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217

Monday, October 02, 2023

Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: CVE-2023-4863 Microsoft Edge Microsoft Teams for Desktop Skype for Desktop Webp Image Extensions (Released on Windows and updates through Microsoft Store) CVE-2023-5217

Read More

• Open Source

オープンソースの脆弱性 CVE-2023-4863 および CVE-2023-5217 に対するマイクロソフトの対応

Monday, October 02, 2023

本ブログは、Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 の抄訳版です。最新の情報は原文を参照してください。

Read More

• オープン ソース
• セキュリティガイダンス

Journey Down Under: How Rocco Became Australia’s Premier Hacker

Monday, September 25, 2023

Fun facts about Rocco Calvi (@TecR0c): Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher. Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself challenges and pushing his limits.

Read More

• BlueHat
• Security Researcher

Microsoftは、過剰な許可を持つSASトークンによるストレージ アカウント内の内部情報の露出を緩和しました

Tuesday, September 19, 2023

本ブログは、Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS tokenの抄訳版です。最新の情報は原文を参

Read More

• アドバイザリ

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Monday, September 18, 2023

Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

Read More

• Azure
• Security
• Security Researcher
• Coordinated Vulnerability Disclosure
• CVD

2023 年 9 月のセキュリティ更新プログラム (月例)

Tuesday, September 12, 2023

2023 年 9 月 12 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

Read More

• アドバイザリ
• セキュリティ更新
• セキュリティ更新プログラム
• 月例セキュリティ更新日

Results of Major Technical Investigations for Storm-0558 Key Acquisition

Wednesday, September 06, 2023

March 12, 2024 update As part of our continued commitment to transparency and trust outlined in Microsoft’s Secure Future Initiative, we are providing further information as it relates to our ongoing investigation. This new information does not change the customer guidance we previously shared, nor have our ongoing investigations revealed additional impact to Microsoft or our customers.

Read More

• Azure AD
• Identity
• Investigations

Storm-0558 によるキーの取得に関する主な技術調査の結果について

Wednesday, September 06, 2023

本ブログは、Results of Major Technical Investigations for Storm-0558 Key Acquisition の抄訳版です。最新の情報は原文を参照してください。 ** 2024 年 3

Read More

• Azure AD
• Identity
• Investigations

Azure Serial Console Attack and Defense - Part 1

Thursday, August 10, 2023

Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting ways to abuse the features and compromise sensitive information.

Read More

• Security Research
• Microsoft Threat Hunting
• Azure Serial Console

2023 年 8 月のセキュリティ更新プログラム (月例) 

Tuesday, August 08, 2023

2023 年 8 月 8 日 (米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

Read More

• アドバイザリ
• セキュリティ更新
• セキュリティ更新プログラム
• 月例セキュリティ更新日