Service Fabric におけるLinux 上のコンテナ化されたワークロードからの特権昇格について
Thursday, June 30, 2022
本ブログは、 Service Fabric Privilege Escalation from Containerized Workloads on Linux の抄訳版です。最新の情報は原文を参照してください。 協調的な脆弱性の公開
2022
Service Fabric Privilege Escalation from Containerized Workloads on Linux
Tuesday, June 28, 2022
Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster.
A Man of Action: Meet Callum Carney
Friday, June 24, 2022
Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix, Breaking Bad, The Thick of It.
2022 年 6 月のセキュリティ更新プログラム (月例)
Tuesday, June 14, 2022
2022 年 6 月 14 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
CVE-2022-30190 マイクロソフト サポート診断ツールの脆弱性に関するガイダンス
Monday, May 30, 2022
本ブログは Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability の抄訳版です。最新の情報は原文を参照してください。 2022 年 7 月 12 日更新 : マイク
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
Monday, May 30, 2022
UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows Server 2012 R2 5015805 Download Windows Server 2012 5015805 Download Windows 7, Windows Server 2008 R2 5015805 Download Windows Server 2008 SP2 5015805 Download On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.
New Research Paper: Pre-hijacking Attacks on Web User Accounts
Monday, May 23, 2022
In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researcher Avinash Sudhodanan, investigated account pre-hijacking – a new class of attacks affecting websites and other online services.
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
Thursday, May 19, 2022
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name : The word dog in Spanish is “perro” @p3RR0.
セキュリティ更新プログラムのアナトミー
Monday, May 16, 2022
本ブログは、Anatomy of a Security Update の抄訳版です。最新の情報は原文を参照してください。 マイクロソフト セ
Anatomy of a Security Update
Friday, May 13, 2022
The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provide updated tools and guidance to help organizations defend against, identify, and remediate attacks.