Azure ADを使用するマルチテナント アプリケーションの承認に関する構成ミスの可能性に関するガイダンス
Thursday, March 30, 2023
本ブログは、Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD の抄訳版です。最新の情報は原文を参照してください
Month Archives: March 2023
Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD
Wednesday, March 29, 2023
Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
Tuesday, March 14, 2023
May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog.
2023 年 3 月のセキュリティ更新プログラム (月例)
Tuesday, March 14, 2023
2023 年 3 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
マイクロソフトは Outlook の 特権昇格の脆弱性を緩和します
Tuesday, March 14, 2023
本ブログは、Microsoft Mitigates Outlook Elevation of Privilege Vulnerability の抄訳版です。最新の情報は原文を参照してください。 2023 年 5 月
Azure Kubernetes Service (AKS) Threat Hunting
Wednesday, March 01, 2023
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.
Configuring host-level audit logging for AKS VMSS
Wednesday, March 01, 2023
This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future.