2024

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Monday, June 17, 2024

Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversal vulnerability, posed potential risks for information exposure and service disruption via Denial-of-Service (DOS).

• MSRC
• CVD

2024 年 6 月のセキュリティ更新プログラム (月例)

Tuesday, June 11, 2024

2024 年 6 月 11 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

• アドバイザリ
• セキュリティ更新
• セキュリティ更新プログラム
• 月例セキュリティ更新日

Azure ネットワーク サービス タグのガイダンスの改善

Wednesday, June 05, 2024

本ブログは、Improved Guidance for Azure Network Service Tags の抄訳版です。最新の情報は原文を参照してください。 概要 Microsoft Security Response

• Azure
• ネットワークインフラ

Improved Guidance for Azure Network Service Tags

Monday, June 03, 2024

Summary Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution to the Azure community by highlighting that it can be easily misunderstood how to use service tags and their intended purpose.

• Azure
• Network infrastructure

2024 年 5 月のセキュリティ更新プログラム (月例)

Tuesday, May 14, 2024

2024 年 5 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

• アドバイザリ
• セキュリティ更新
• セキュリティ更新プログラム
• 月例セキュリティ更新日

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 

Wednesday, April 17, 2024

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q1 Security Researcher Leaderboard are Yuki Chen, VictorV, and Nitesh Surana! Check out the full list of researchers recognized this quarter here.

• Researcher Recognition
• Security Research
• Community-based Defense
• Security Researcher

2024 年 4 月のセキュリティ更新プログラム (月例)

Tuesday, April 09, 2024

2024 年 4 月 9 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

• アドバイザリ
• セキュリティ更新
• セキュリティ更新プログラム
• 月例セキュリティ更新日

透明性の向上に向けて： マイクロソフトのCVEに標準の CWE を採用

Tuesday, April 09, 2024

本ブログは、Toward greater transparency: Adopting the CWE standard for Microsoft CVEs の抄訳版です。最新の情報は原文を参照してください。 Microsoft Security Response Center

• セキュリティ更新プログラムガイド

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs

Monday, April 08, 2024

At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide this data to our Product Engineering teams to enable them to systematically understand and eradicate security risks.

• Security Update Guide

Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team

Tuesday, April 02, 2024

Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick’s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick’s love of learning and his natural curiosity led him to a career in technology and ultimately, to his current role at Microsoft.