セキュリティ アドバイザリ 2862973 ~ ルート証明書プログラムにおける MD5ハッシュの利用制限
Tuesday, August 13, 2013
こんにちは。村木ゆりかです。 これまでも、マイクロソフトでは証明書を利用する環境を、より安全な環境にす
2013
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Monday, August 12, 2013
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). As we’ve described in the past, these mitigations play an important role in making it more difficult and costly for attackers to exploit vulnerabilities.
2013 年 8 月 14 日のセキュリティ リリース予定 (月例)
Thursday, August 08, 2013
2013 年 8 月の月例セキュリティ リリースの事前通知を公開しました。 2013 年 8 月 14 日に公開を予定している新規月例
Advance Notification Service for August 2013 Security Bulletin Release
Thursday, August 08, 2013
Today we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. As usual, we’ve scheduled the bulletin release for the second Tuesday of the month, August 13, 2013, at approximately 10:00 a.
ウイルスは復活しているのか?
Wednesday, August 07, 2013
本記事は、 Microsoft Security Blog のブログ “Are Viruses Making a Comeback?” (2013 年 5 月 16 日公開 ) を翻訳した記事です。 Trustworthy Computing
The story of MS13-002: How incorrectly casting fat pointers can make your code explode
Tuesday, August 06, 2013
C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of the complexities that arise from C++ objects, virtual methods, inheritance etc.
Are you prepared for the BlueHat Challenge?
Wednesday, July 31, 2013
Today we are kicking off a new challenge so you can showcase your security prowess and, if we can, help you build some more. Our BlueHat Challenge is a series of computer security questions, which increase in difficulty as you progress. Only the rare and talented engineer will be able to finish the Challenge on the first attempt.
EMET 4 日本語版ユーザー ガイドを公開しました
Wednesday, July 31, 2013
みなさん、こんにちは。村木ゆりかです。 脆弱性緩和ツール Enhanced Mitigation Experience Toolkit (EMET) の最新版、EMET 4.0 がリリースされて
Try something new – Beat the BlueHat Challenge!
Wednesday, July 31, 2013
August 2014 Update: The BlueHat Challenge is on hold. We will make an announcement on this blog when we re-start the BlueHat Challenge. Thanks for your interest! —- We were inspired by the Matasano Crypto Challenges. So we built a similar series of fun challenges to exercise reverse engineering, vulnerability discovery, and web browser manipulation attack concepts.
Announcing the 2013 MSRC Progress Report featuring MAPP expansions
Monday, July 29, 2013
Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a look into the program updates and bulletin statistics from the Microsoft Security Response Center (MSRC).