Month Archives: March 2013

隣国のセキュリティ事案を教訓とするために

Thursday, March 28, 2013

隣国、韓国で 3 月 20 に起きたセキュリティ事案は、日本でも大きく取り上げられ注目されている。 この事案につ

セキュリティ アドバイザリ 2819682「Microsoft Windows ストア アプリケーション用のセキュリティ更新プログラム」を公開

Tuesday, March 26, 2013

2013 年 3 月 27 日、セキュリティ アドバイザリ 2819682「Microsoft Windows ストア アプリケーション用の

• Windows ストア アプリ
• アドバイザリ

2013 年 3 月のセキュリティ更新プログラムに関してリスクを評価する

Wednesday, March 20, 2013

本記事は、Security Research & Defense のブログ “Assessing risk for the March 2013 security updates” (2013 年 3 月 12 日

• セキュリティ情報

March 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, March 15, 2013

Today we’re publishing the March 2013 Security Bulletin Webcast Questions & Answers page. We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-021), SharePoint (MS13-024) and the update for Kernel-Mode Drivers in MS13-027. There were six additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.

• Bulletins
• Internet Explorer (IE)
• Malicious Software Removal Tool (MSRT)
• Microsoft Office
• Microsoft Windows
• Monthly bulletin release
• Security Bulletin
• Security bulletin release
• Security Bulletin Webcast
• Security Bulletins
• Security Update Webcast
• Security Update Webcast Q & A
• Video
• Webcast
• Webcast Q&A

組織に対する標的型攻撃を緩和する

Wednesday, March 13, 2013

本記事は、Microsoft Trustworthy Computing のブログ “Mitigating Targeted Attacks on Your Organization” (2012 年

• APT
• Pass-the-hash
• レポート

2013 年 3 月のセキュリティ情報 (月例) – MS13-021 ～ MS13-027

Tuesday, March 12, 2013

先週の事前通知でお知らせしましたとおり、新規セキュリティ情報 合計 7 件 (緊急 4 件、重要 3 件) を公開しま

• アドバイザリ
• セキュリティ情報
• セキュリティ更新
• 脆弱性

2013 年 3 月のマイクロソフト ワンポイント セキュリティ ～ビデオで簡単

Tuesday, March 12, 2013

皆さん、こんにちは！ 先ほど 12 月のマイクロソフト ワンポイント セキュリティ情報を公開しました。 本日 3 月 13

• セキュリティ情報
• ビデオ
• ワンポイント

Assessing risk for the March 2013 security updates

Tuesday, March 12, 2013

Today we released seven security bulletins addressing 20 CVE’s. Four of the bulletins have a maximum severity rating of Critical, and three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-021(Internet Explorer) Victim browses to a malicious webpage.

• Mitigations
• Rating
• Risk Asessment

Evolving Response and the March 2013 Bulletin Release

Tuesday, March 12, 2013

As my career in security response has grown over the years, I am often reminded of the words of Italian author Giuseppe Tomasi Di Lampedusa, who stated, “If we want everything to remain as it is, it will be necessary for everything to change.” There are some things that we wish to stay the same.

• Internet Explorer (IE)
• Microsoft Office
• Microsoft Windows
• Security Bulletin
• Security bulletin release
• Security Update

MS13-027: Addressing an issue in the USB driver requiring physical access

Tuesday, March 12, 2013

Today we are addressing a vulnerability in the way that the Windows USB drivers handle USB descriptors when enumerating devices. (KB 2807986). This update represents an expansion of our risk assessment methodology to recognize vulnerabilities that may require physical access, but do not require a valid logon session. Windows typically discovers USB devices when they are inserted or when they change power sources (if they switch from plugged-in power to being powered off of the USB connection itself).

• Attack Vector
• Kernel