Month Archives: November 2019

[あらためて確認を]　RDP の脆弱性に対するセキュリティ更新プログラムの適用を推奨

Tuesday, November 26, 2019

2019 年、マイクロソフトはリモートデスクトッププロトコル (Remote Desktop Protocol: RDP)、 Terminal Services における複数の脆弱性を修正し

• BlueKeep
• RDP
• セキュリティ情報
• セキュリティ更新プログラム
• 脆弱性

Customer Guidance for the Dopplepaymer Ransomware

Wednesday, November 20, 2019

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network.

• BlueKeep
• Doppepaymer
• Malware
• Microsoft Teams
• Ransomware
• RDP

BlueHat Seattle videos are online!

Wednesday, November 13, 2019

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone.

• AppSec
• Azure AD
• Binary analysis
• BlueHat Security Briefings
• Community-based Defense
• DFIR
• Identity
• Kubernetes
• Machine learning
• Malware research
• Open Source
• Xbox

2019 年 11 月のセキュリティ更新プログラム (月例)

Tuesday, November 12, 2019

2019 年 11 月 13 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし

• アドバイザリ
• セキュリティ情報
• セキュリティ更新
• 脆弱性

November 2019 security updates are available!

Tuesday, November 12, 2019

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.

Using Rust in Windows

Thursday, November 07, 2019

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with some of the people working on how Microsoft is evolving its code practices for better security, be sure to attend the keynote and talk to Ryan and Sebastian afterwards!

• Memory Safety
• Rust
• Safe Systems Programming Languages
• Secure Development

Vulnerability hunting with Semmle QL: DOM XSS

Wednesday, November 06, 2019

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­ the most common type of client-side vulnerabilities: DOM-based cross-site scripting (XSS).

• DOM-based XSS
• Security Research
• Security Vulnerability
• Semmle