Month Archives: July 2013

Filling A Gap In the Vulnerability Market – First Bounty Notification

Wednesday, July 10, 2013

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between the security researcher community and Microsoft’s customers, by focusing on key data about what researchers were doing with vulnerabilities they found in our products.

Read More

• BlueHat Prize
• Bounty
• Bountyprograms
• Internet Explorer (IE)
• Microsoft Windows
• Responsible Disclosure
• Security Research
• Zero-Day Exploit

Running in the wild, not for so long

Wednesday, July 10, 2013

Over the weekend we received a report from our partners about a possible unpatched Internet Explorer vulnerability being exploited in the wild. The exploit code uses a memory corruption bug triggered from a webpage but it deeply leverages a Flash SWF file in order to achieve reliable exploitation and code execution.

Read More

• Attack
• Detection
• EMET
• Exploitation
• Internet Explorer (IE)
• Workarounds
• Zero-Day Exploit

2013 年 7 月のセキュリティ情報 (月例) – MS13-052 ～ MS13-058

Tuesday, July 09, 2013

先週の事前通知でお知らせしましたとおり、新規セキュリティ情報 合計 7 件 (緊急 6 件、重要 1 件) を公開しま

Read More

• アドバイザリ
• セキュリティ情報

2013 年 7 月のマイクロソフト ワンポイント セキュリティ ～ビデオで簡単に解説 ～

Tuesday, July 09, 2013

皆さん、こんにちは！ 先ほど 7 月のマイクロソフト ワンポイント セキュリティ情報を公開しました。 本日 7 月 10

Read More

• セキュリティ情報
• ビデオ
• ワンポイント

A new policy for store apps and the July 2013 security updates

Tuesday, July 09, 2013

There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates.

Read More

• Bulletins
• Internet Explorer (IE)
• Microsoft Windows
• Security Bulletins
• Security Update

Assessing risk for the July 2013 security updates

Tuesday, July 09, 2013

Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-055(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Risk Asessment

2013 年 7 月 10 日のセキュリティ リリース予定 (月例)

Thursday, July 04, 2013

2013 年 7 月の月例セキュリティ リリースの事前通知を公開しました。2013 年 7 月 10 日に公開を予定している新

Read More

• セキュリティ情報

Advance Notification Service for July 2013 Security Bulletin Release

Thursday, July 04, 2013

Today we’re providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows.

Read More

• ANS
• Bulletins
• Monthly bulletin release
• Update Tuesday

New Bounty Programs – One Week In

Wednesday, July 03, 2013

Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially opened for bounty-eligible submissions to secure [at] Microsoft [dot] com.

Read More

• Black Hat
• BlueHat Prize
• Bounty
• Bountyprograms
• CVD
• Internet Explorer (IE)
• Microsoft Windows
• Security Ecosystem
• Security Research