サポート終了後の Windows XP、マルウェア対策ソフトが動いていれば安心?
Monday, December 23, 2013
よく、「サポート終了後の製品でも、マルウェア対策ソフトを実行していれば大丈夫?」とのご質問を受けます
Month Archives: December 2013
休暇中に被害に遭わないために ~お休み前のセキュリティ チェック
Thursday, December 19, 2013
今年の年末年始は大型休暇になる方もいらっしゃるのではないでしょうか。 特に一斉休暇となりオフィスからひ
2013 年マイクロソフトのセキュリティ情報まとめ
Tuesday, December 17, 2013
皆さん、こんにちは!関東地方では、雪が降るとの予報がでていますが、今日はとても寒いです。仕事も私生活
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Monday, December 16, 2013
Today we’re publishing the December 2013 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a new blog on the Microsoft Security Blog site on the top cyber threat predications for 2014.
2013 年 12 月のセキュリティ更新プログラムのリスク評価
Wednesday, December 11, 2013
本記事は、Security Research & Defense のブログ “ Assessing risk for the December 2013 security updates ” (2013 年 12 月 10 日公開) を翻訳した記事です。 本
Software defense: mitigating common exploitation techniques
Wednesday, December 11, 2013
In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption, heap corruption, and unsafe list management and reference count mismanagement. These mitigations are typically associated with a specific developer mistake such as writing beyond the bounds of a stack or heap buffer, failing to correctly track reference counts, and so on.
2013 年 12 月のセキュリティ情報 (月例) - MS13-096~MS13-106
Tuesday, December 10, 2013
2013 年 12 月 11 日 (日本時間)、マイクロソフトは計 11 件 (緊急 5 件、重要 6 件) の新規セキュリティ情報を公開し
2013 年 12 月のマイクロソフト ワンポイント セキュリティ ~ビデオで簡単に解説 ~
Tuesday, December 10, 2013
皆さん、こんにちは! 先ほど 12 月のマイクロソフト ワンポイント セキュリティ情報を公開しました。 本日 12 月 11
Assessing risk for the December 2013 security updates
Tuesday, December 10, 2013
Today we released eleven security bulletins addressing 24 CVE’s. Five bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max XI Likely first 30 days impact Platform mitigations and key notes MS13-096(GDI+ TIFF parsing) Victim opens malicious Office document.
MS13-098: Update to enhance the security of Authenticode
Tuesday, December 10, 2013
Today we released MS13-098, a security update that strengthens the Authenticode code-signing technology against attempts to modify a signed binary without invalidating the signature. This update addresses a specific instance of malicious binary modification that could allow a modified binary to pass the Authenticode signature check. More importantly, it also introduces further hardening to consider a binary “unsigned” if any modification has been made in a certain portion of the binary.