2021

Security Update Guide Supports CVEs Assigned by Industry Partners

Wednesday, January 13, 2021

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was started back in 1999 and is funded by the US federal government, currently out of the Cybersecurity and Infrastructure Security Agency (CISA).

Read More

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

2021 年 1 月のセキュリティ更新プログラム (月例)

Tuesday, January 12, 2021

2021 年 1 月 13 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし

Read More

• アドバイザリ
• セキュリティ情報
• セキュリティ更新
• 脆弱性

Building Faster AMD64 Memset Routines

Monday, January 11, 2021

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memory by default. Where possible the compiler will unroll calls to memset.

Read More

• InitAll
• Memset
• Uninitialized Memory