2020

セキュリティ更新プログラム リリース スケジュール (2021 年)

Tuesday, November 10, 2020

2021 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の

Read More

• セキュリティ情報
• セキュリティ更新

Vulnerability Descriptions in the New Version of the Security Update Guide

Monday, November 09, 2020

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.

Read More

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

新しいセキュリティ更新プログラム ガイドでの脆弱性情報の詳細

Monday, November 09, 2020

新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ

Read More

• セキュリティ情報
• セキュリティ更新プログラム ガイド

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Thursday, October 29, 2020

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain.

Read More

• Active Directory
• EOP
• Patch
• Standard)
• Vulnerability
• Windows Server 2008 R2 Service Pack 1
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019 all editions
• Windows Server version 1809 (Datacenter
• Windows Server version 1903 all editions
• Windows Server version 1909 all editions

[IT 管理者向け] DNS レコードを管理してサブドメイン テイクオーバーを防ぐ

Tuesday, October 27, 2020

みなさんは、「サブドメイン テイクオーバー」というセキュリティの問題をご存じですか? サブドメイン テイク

Read More

• Azure
• サブドメイン テイクオーバー
• セキュリティ情報

Microsoft Digital Defense Report でサイバーセキュリティの動向を知る

Thursday, October 22, 2020

2020 年 9 月マイクロソフトは、昨年のサイバーセキュリティの動向を網羅した「Microsoft Digital Defense Repo

Read More

• DigitalDefenseReport
• SIR
• セキュリティ情報
• レポート

Announcing the Top MSRC 2020 Q3 Security Researchers

Thursday, October 15, 2020

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3

Read More

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Security Analysis of CHERI ISA

Wednesday, October 14, 2020

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory protection features against many exploited vulnerabilities, or in other words, an architectural solution that breaks exploits.

Read More

• Memory Corruption
• Memory Safety
• Secure Development
• Security Research

2020 年 10 月のセキュリティ更新プログラム (月例)

Tuesday, October 13, 2020

2020 年 10 月 14 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし

Read More

• アドバイザリ
• セキュリティ情報
• セキュリティ更新
• 脆弱性

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

Tuesday, October 06, 2020

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for 16 bounty eligible reports.

Read More

• Bounty
• Community-based Defense
• Security Research
• Security Researcher