2024 年 12 月 10 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
本ブログは Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject) の抄訳版です。最新の情報は原文を参照してください。 LLMail-Inject は、現実的にシミュレート| 2024 on Microsoft Security Response Center
本ブログは Mitigating NTLM Relay Attacks by Default の抄訳版です。 最新の情報は原文を参照してください。 はじめに 2024 年 2 月、マイクロソ| 2024 on Microsoft Security Response Center
2025 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の| 2024 on Microsoft Security Response Center
本ブログは Securing AI and Cloud with the Zero Day Quest の抄訳版です。 最新の情報は原文を参照してください。 マイクロソフトのセキュ| 2024 on Microsoft Security Response Center
2024 年 11 月 12 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
本ブログは Toward greater transparency: Publishing machine-readable CSAF files の抄訳版です。最新の情報は原文を参照してください。 Microsoft Security Response Center (MSRC) の透明性に関する| 2024 on Microsoft Security Response Center
2024 年 10 月 8 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
2024 年 9 月 10 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
2024 年 8 月 13 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.| 2024 on Microsoft Security Response Center
本ブログは Introducing the MSRC Researcher Resource Center の抄訳版です。 最新の情報は原文を参照してください。 マイクロソフトは、マイクロソ| 2024 on Microsoft Security Response Center
At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF) API. This update brings improvements in both security and performance, without requiring any changes to your existing invocation methods.| 2024 on Microsoft Security Response Center
本ブログは Announcing the CVRF API 3.0 upgrade の抄訳版です。 最新の情報は原文を参照してください。 Microsoft Security Response Center では、お客様の進化す| 2024 on Microsoft Security Response Center
2024 年 7 月 9 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
本ブログは What’s new in the MSRC Report Abuse Portal and API の抄訳版です。最新の情報は原文を参照してください。 Microsoft Security Response Center (MSRC) は、マイク| 2024 on Microsoft Security Response Center
本ブログは、Toward greater transparency: Unveiling Cloud Service CVEs の抄訳版です。最新の情報は原文を参照してください。 このブログは、| 2024 on Microsoft Security Response Center
本ブログは、Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning の抄訳版です。最新の情報は原文を参照してください。 概要 2024| 2024 on Microsoft Security Response Center
2024 年 6 月 11 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
本ブログは、Improved Guidance for Azure Network Service Tags の抄訳版です。最新の情報は原文を参照してください。 概要 Microsoft Security Response| 2024 on Microsoft Security Response Center
2024 年 5 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
2024 年 4 月 9 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
本ブログは、Toward greater transparency: Adopting the CWE standard for Microsoft CVEs の抄訳版です。最新の情報は原文を参照してください。 Microsoft Security Response Center| 2024 on Microsoft Security Response Center
2024 年 3 月 12 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
本ブログは、Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard の抄訳版です。最新の情報は原文を参照してください。 この| 2024 on Microsoft Security Response Center
本ブログは、Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope の抄訳版です。最新の情報は原文を参照| 2024 on Microsoft Security Response Center
本ブログは、New Security Advisory Tab Added to the Microsoft Security Update Guide の抄訳版です。最新の情報は原文を参照してください。 本日、マイク| 2024 on Microsoft Security Response Center
2024 年 2 月 13 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
2024 年 1 月 9 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ| 2024 on Microsoft Security Response Center
Microsoftは アプリ インストーラー の悪用に対処します| msrc.microsoft.com
You asked for it and it’s finally here! The inaugural BlueHat India conference will be held May 16-17th, 2024, in Hyderabad, India! This intimate conference will bring together a unique blend of security researchers and responders, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.| 2024 on Microsoft Security Response Center
Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat actors exploiting this vector in the past.| 2024 on Microsoft Security Response Center
We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, participants assume the role of an attacker who sends an email to a user. The user then queries the LLMail service with a question (e.| 2024 on Microsoft Security Response Center
Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and mitigate potential issues before our customers are impacted.| 2024 on Microsoft Security Response Center
Toward greater transparency: Publishing machine-readable CSAF files| msrc.microsoft.com
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q3 Security Researcher Leaderboard are wkai, VictorV, and Zhihua Wen! Check out the full list of researchers recognized this quarter here.| 2024 on Microsoft Security Response Center
34 sessions from 54 presenters representing 20 organizations! We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct 29-30. This year’s conference continues the BlueHat ethos and Secure Future Initiative mission of “Security Above All Else”. Security researchers and responders from inside and outside of Microsoft will gather on the Microsoft campus in Redmond, WA to share, debate, and challenge each other, wit...| 2024 on Microsoft Security Response Center
The 23rd edition of Microsoft’s BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. BlueHat brings together security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and best practices, all in the interest of creating a safer and more secure world for everyone.| 2024 on Microsoft Security Response Center
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.| 2024 on Microsoft Security Response Center
Introducing the MSRC Researcher Resource Center| msrc.microsoft.com
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen, Lewis Lee & Ver & Zhiniang Peng, and Wei!| 2024 on Microsoft Security Response Center
The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.| 2024 on Microsoft Security Response Center
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.| 2024 on Microsoft Security Response Center
Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversal vulnerability, posed potential risks for information exposure and service disruption via Denial-of-Service (DOS).| 2024 on Microsoft Security Response Center
Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.| 2024 on Microsoft Security Response Center
Improved Guidance for Azure Network Service Tags| msrc.microsoft.com
Congratulations to the Top MSRC 2024 Q1 Security Researchers!| msrc.microsoft.com
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs| msrc.microsoft.com
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team| msrc.microsoft.com
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard| msrc.microsoft.com
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin| msrc.microsoft.com
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft| msrc.microsoft.com
New Security Advisory Tab Added to the Microsoft Security Update Guide| msrc.microsoft.com
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft| msrc.microsoft.com
Congratulations to the Top MSRC 2023 Q4 Security Researchers!| msrc.microsoft.com
国家アクター Midnight Blizzard による攻撃に対するマイクロソフトの対応について| msrc.microsoft.com
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard| msrc.microsoft.com