2014

Advance Notification Service for the April 2014 Security Bulletin Release

Thursday, April 03, 2014

Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word.

Read More

• ANS
• Internet Explorer (IE)
• Microsoft Office
• Microsoft Windows
• Security Advisory

【Windows XP、Office 2003 サポート終了まであと 6 日】あらためて、「使い続けるリスク」のまとめ

Wednesday, April 02, 2014

サポート終了まであと 6 日となりました。サポート対象の新しい製品への移行はお済みでしょうか？ これまで、

Read More

• EoS
• Windows XP

The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

Wednesday, April 02, 2014

It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together.

Read More

• Announcements
• Microsoft Active Protections Program (MAPP)
• Risk Assessment

Windows XP に対するサイバー脅威、および中小企業と個人消費者へのガイダンス

Tuesday, April 01, 2014

本記事は、Microsoft Security のブログ、“ Cyber threats to Windows XP and guidance for Small Businesses and Individual Consumers ” (2014 年 3 月 24 日公開) を翻訳した記

Read More

• EoS
• Windows XP
• ガイダンス
• リスク評価

マイクロソフト サイバーセキュリティ レポート: 最も注意が必要なエンタープライズの脅威 トップ 10

Wednesday, March 26, 2014

本記事は、 Microsoft Security のブログ “ Microsoft Cybersecurity Report: Top 10 Most Wanted Enterprise Threats ” (2013 年 11 月 26 日公開 ) を翻訳した記事です。 長年にわたる海外出

Read More

• レポート
• 展開

Microsoft Releases Security Advisory 2953095

Monday, March 24, 2014

Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

Read More

• Advisory
• Fix It
• Microsoft Office
• Security Advisory

Security Advisory 2953095: recommendation to stay protected and for detections

Monday, March 24, 2014

Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect themselves while we are working on a security update.

Read More

• 0day
• 2953095
• CVE-2014-1761
• EMET
• MSRC
• RTF

セキュリティ アドバイザリ 2953095「Microsoft Word の脆弱性により、リモートでコードが実行される」を公開

Monday, March 24, 2014

2014/03/25 16:45 更新: 回避策 ④ EMET を導入するの記載を更新し、Mandatory ASLR および anti-ROP features のいずれかで阻止できるこ

Read More

• アドバイザリ
• 標的型攻撃

証明書更新機能の進化と Windows XP サポート終了後のリスク

Wednesday, March 19, 2014

こんにちは、村木ゆりかです。 マイクロソフトでは、Windows において信頼するルート証明書を管理する

Read More

• PKI
• Windows XP
• 啓発
• 証明書

March 2014 Security Bulletin Webcast and Q&A

Monday, March 17, 2014

Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows (MS14-016) and Internet Explorer (MS14-012). One question that was not answered on air has been included on the Q&A page. Here is the video replay.

Read More

• Bulletin Webcast
• Internet Explorer (IE)
• Microsoft Windows
• Security Bulletin Webcast