Microsoft Security Response Centerの新着記事はこちら Introducing the Microsoft Defender Bounty Program Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded Reflecting on 20 years of Patch Tuesday Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI Congratulations to the Top MSRC 2023 Q3 Security Researchers! Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 Cybersecurity Awareness Month 2023: Elevating Security Together Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 Journey Down Under: How Rocco Became Australia’s Premier Hacker Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token Results of Major Technical Investigations for Storm-0558 Key Acquisition Azure Serial Console Attack and Defense - Part 1 Congratulations to the MSRC 2023 Most Valuable Security Researchers! Updating our Vulnerability Severity Classification for AI Systems Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards Microsoft mitigates Power Platform Custom Code information disclosure vulnerability BlueHat October 2023 Call for Papers is Now Open! Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent! What to Expect When Reporting Vulnerabilities to Microsoft Congratulations to the Top MSRC 2023 Q2 Security Researchers! Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator Potential Risk of Privilege Escalation in Azure AD Applications Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry Hey Yara, find some vulnerabilities Announcing The BlueHat Podcast: Listen and Subscribe Now! Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 Microsoft Vulnerability Severity Classification for Online Services Publication Congratulations to the Top MSRC 2023 Q1 Security Researchers! Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD Microsoft Mitigates Outlook Elevation of Privilege Vulnerability Azure Kubernetes Service (AKS) Threat Hunting Configuring host-level audit logging for AKS VMSS First steps in CHERIoT Security Research New MSRC Blog Site BlueHat 2023: Connecting the security research community with Microsoft Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process Congratulations to the Top MSRC 2022 Q4 Security Researchers! Microsoft resolves four SSRF vulnerabilities in Azure cloud services Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API Security Update Guide Improvement – Representing Hotpatch Updates BlueHat 2023: Applications to Attend NOW OPEN! A Ride on the Wild Side with Hacking Heavyweight Sick Codes Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People Congratulations to the Top MSRC 2022 Q3 Security Researchers! Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk Investigation Regarding Misconfigured Microsoft Storage Location BlueHat 2023 Call for Papers is Now Open! Hunting for Cobalt Strike: Mining and plotting for fun and profit Improvements in Security Update Notifications Delivery - And a New Delivery Method Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez What’s the smallest variety of CHERI? Vulnerability Fixed in Azure Synapse Spark Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards Security Update Guide Notification System News: Create your profile now Congratulations to the MSRC 2022 Most Valuable Researchers! Microsoft Office to publish symbols starting August 2022 Anatomy of a Cloud-Service Security Update Congratulations to the Top MSRC 2022 Q2 Security Researchers! Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity Microsoft Mitigates Azure Site Recovery Vulnerabilities Service Fabric Privilege Escalation from Containerized Workloads on Linux A Man of Action: Meet Callum Carney Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability New Research Paper: Pre-hijacking Attacks on Web User Accounts Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards Anatomy of a Security Update Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs Microsoft’s Response to CVE-2022-22965 Spring Framework On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program Randomizing the KUSER_SHARED_DATA Structure on Windows Increasing Representation of Women in Security Research Randomizing the KUSER_SHARED_DATA Structure on Windows Exploring a New Class of Kernel Exploit Primitive Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint Disclosure of Vulnerability in Azure Automation Managed Identity Tokens Cyber threat activity in Ukraine: analysis and resources Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help Congratulations to the Top MSRC 2021 Q4 Security Researchers! Expanding the Microsoft Researcher Recognition Program An Armful of CHERIs Coming Soon: New Security Update Guide Notification System Azure App Service Linux source repository exposure Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs BlueHat is Back! We’re Excited to Announce the Launch of Comms Hub! New High Impact Scenarios and Awards for the Azure Bounty Program Congratulations to the Top MSRC 2021 Q3 Security Researchers! Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions Coordinated disclosure of vulnerability in Azure Container Instances Service Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature Announcing the Launch of the Azure SSRF Security Research Challenge Point and Print Default Behavior Change Congratulations to the MSRC 2021 Most Valuable Security Researchers! Introducing Bounty Awards for Teams Mobile Applications Security Research Announcing the Top MSRC 2021 Q2 Security Researchers - Congratulations! Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards Out-of-Band (OOB) Security Update available for CVE-2021-34527 Investigating and Mitigating Malicious Drivers New Nobelium activity “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks Congratulating Our Top MSRC 2021 Q1 Security Researchers! April 2021 Update Tuesday packages now available Introducing Bounty Awards for Teams Desktop Client Security Research Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities One-Click Microsoft Exchange On-Premises Mitigation Tool - March 2021 Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021 A new experience for reporting copyright or trademark infringement on Microsoft Services On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021 Microsoft Internal Solorigate Investigation - Final Update MSRC Security Researcher Recognition: 2021 Continuing to Listen: Good News about the Security Update Guide API! Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 New and Improved Report Abuse Portal and API! Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 Top MSRC 2020 Q4 Security Researchers – Congratulations! Security Update Guide Supports CVEs Assigned by Industry Partners Building Faster AMD64 Memset Routines Microsoft Internal Solorigate Investigation Update Nobelium Resource Center - updated March 4, 2021 Customer Guidance on Recent Nation-State Cyber Attacks Security Update Guide: Let's keep the conversation going Vulnerability Descriptions in the New Version of the Security Update Guide Attacks exploiting Netlogon vulnerability (CVE-2020-1472) Announcing the Top MSRC 2020 Q3 Security Researchers Security Analysis of CHERI ISA Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community New and improved Security Update Guide! What to Expect When Reporting Vulnerabilities to Microsoft Control Flow Guard for Clang/LLVM and Rust Congratulations to the MSRC’s 2020 Most Valuable Security Researchers Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards Microsoft Joins Open Source Security Foundation Black Hat 2020: See you in the Cloud! Updates to the Windows Insider Preview Bounty Program Top MSRC 2020 Q2 Security Researchers Announced – Congratulations! July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server Solving Uninitialized Kernel Pool Memory on Windows Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack Solving Uninitialized Stack Memory on Windows Azure Sphere Security Research Challenge Now Open The Safety Boat: Kubernetes and Rust Congratulating Our Top 2020 Q1 Security Researchers! March 2020 security updates are available Calling for security research in Azure Sphere, now generally available February 2020 security updates are available Recognizing Security Researchers in 2020 Announcing the Xbox Bounty program Access Misconfiguration for Customer Support Database Announcing MSRC 2019 Q4 Security Researcher Leaderboard January 2020 security updates are available! January 2020 Security Updates: CVE-2020-0601 Announcing the Microsoft Identity Research Project Grant December 2019 security updates are available Customer Guidance for the Dopplepaymer Ransomware BlueHat Seattle videos are online! November 2019 security updates are available! Using Rust in Windows Vulnerability hunting with Semmle QL: DOM XSS Time for day 2 of briefings at BlueHat Seattle! Welcome to the second stage of BlueHat! Microsoft Identity Bounty Improvements Introducing the ElectionGuard Bounty program Announcing the Security Researcher Quarterly Leaderboard An intern's experience with Rust Designing a COM library for Rust October 2019 security updates are available! Building the Azure IoT Edge Security Daemon in Rust MSRC is going to ROOTCON! Meet the BlueHat Content Advisory Board Calling all breakers & builders: BlueHat Seattle registration is open! Attacking the VM Worker Process September 2019 Security Updates Acquiring a VHD to Investigate BlueHat Seattle 2019 Call for Papers is Now Open! Scalable infrastructure for investigations and incident response Announcing the Microsoft Edge Insider Bounty August 2019 Security Updates Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP) Announcing 2019 MSRC Most Valuable Security Researchers Azure Security Lab: a new space for Azure research and collaboration Corporate IoT - a path to intrusion Recognizing Security Researchers in 2019 It’s Official – The Way We Recognize Our Security Researchers Meet the MSRC at Black Hat 2019 Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP) Why Rust for safe systems programming We need a safer systems programming language Announcing the Microsoft Dynamics 365 Bounty program A proactive approach to more secure code July 2019 Security Update Release Inside the MSRC – Building your own security incident response process Inside the MSRC – Anatomy of a SSIRP incident Inside the MSRC – Customer-centric incident response Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149) June 2019 security update release A Reminder to Update Your Systems to Prevent a Worm BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world Microsoft Launches a New Recognition Program for MAPP Partners Time travel debugging: It’s a blast! (from the past) May 2019 Security Update Release Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) April 2019 Security Update Release Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards Vulnerability hunting with Semmle QL, part 2 Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec! Local privilege escalation via the Windows I/O Manager: a variant finding collaboration Call for Papers | Microsoft BlueHat Shanghai 2019 March 2019 Security Update Release Practical advice for earning higher Microsoft bounty awards BlueHat Shanghai 2019 Call for Papers is Now Open! February 2019 Security Update Release Fuzzing para-virtualized devices in Hyper-V Microsoft’s Cyber Defense Operations Center shares best practices Announcing the Microsoft Azure DevOps Bounty program January 2019 Security Update Release December 2018 Security Update Release December 2018 Security Update Release First Steps in Hyper-V Research November 2018 Security Update Release Should You Send Your Pen Test Report to the MSRC? BlueHat v18 Content Now Available October 2018 Security Update Release Standing behind “MSRC Listens” Behind BlueHat: The Art September 2018 Security Update Release Microsoft Security Servicing Criteria for Windows Inside MSRC: Sharing Our Story & Customer Tips Vulnerability hunting with Semmle QL, part 1 August 2018 Security Update Release Analysis and mitigation of L1 Terminal Fault (L1TF) Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition Announcing the BlueHat v18 Schedule The Making of the Top 100 Researcher List Recognizing Q4 Top 5 Bounty Hunters Microsoft launches Identity Bounty program July 2018 Security Update Release Announcing Changes to Microsoft’s Mitigation Bypass Bounty Draft of Microsoft Security Servicing Commitments for Windows June 2018 Security Update Release Analysis and mitigation of speculative store bypass (CVE-2018-3639) May 2018 security update release BlueHat v18 Announced & Call for Papers Opens Hyper-V Debugging Symbols Are Publicly Available Recognizing Q3 Top 5 Bounty Hunters April 2018 security update release Triaging a DLL planting vulnerability KVA Shadow: Mitigating Meltdown on Windows Mitigating speculative execution side channel hardware vulnerabilities Speculative Execution Bounty Launch March 2018 security update release Inside the MSRC– The Monthly Security Update Releases February 2018 security update release Inside the MSRC – How we recognize our researchers January 2018 security update release December 2017 security update release Clarifying the behavior of mandatory ASLR  November 2017 security update release October 2017 security update release VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues  Extending the Microsoft Office Bounty Program September 2017 security update release Announcing the BlueHat v17 Schedule Moving Beyond EMET II – Windows Defender Exploit Guard August 2017 security update release The MSRC 2017 list of “Top 100” security researchers Announcing the Windows Bounty Program EnglishmansDentist Exploit Analysis Eternal Synergy Exploit Analysis July 2017 security update release Eternal Champion Exploit Analysis Update on Petya malware attacks Extending the Microsoft Edge Bounty Program Tales from the MSRC: from pixels to POC June 2017 security update release BlueHat v17 Call for Papers Opens Extending Microsoft Edge Bounty Program Customer Guidance for WannaCrypt attacks Coming together to address Encapsulated PostScript (EPS) attacks May 2017 security update release Taking your feedback on the Security Update Guide Bountycraft at Nullcon 2017 Protecting customers and evaluating risk April 2017 security update release Announcing the new Bug Bounty Program for Office Insider Builds on Windows Microsoft BlueHat v17 Dates Announced - Update 4/3/2017 March 2017 security update release Office 365 security researchers: Double your bounties March-May 2017 SHA-1 Collisions Research Adobe Flash Player security vulnerability release February 2017 security update release EMET 5.52 update is now available January 2017 security update release December 2016 security update release Furthering our commitment to security updates November 2016 security update release Moving Beyond EMET BlueHat v16 Keynote announced October 2016 security update release BlueHat IL 2017 Announced Security Engineering Evolution in Office 2016 for Mac Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms September 2016 security update release Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty BlueHat v16 Schedule Announced August 2016 security update release Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty July 2016 security update release June 2016 security update release Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty BlueHat v16 Announced May 2016 security update release Changes to Security Update Links Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty April 2016 Security Update Release Microsoft Bounty Programs Announce Expansion - Bounty for Microsoft OneDrive March 2016 Security Update Release February 2016 Security Update Release Summary Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available January 2016 Security Update Release Summary Triaging the exploitability of IE/EDGE crashes December 2015 Security Update Release Summary BlueHat v15 Announces Schedule and Registration November 2015 Security Update Release Summary EMET: To be, or not to be, A Server-Based Protection Mechanism Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available Announcing BlueHat v15 Conference October 2015 Security Update Release Summary September 2015 Security Update Release Summary What makes a good Microsoft Defense Bounty submission? Security Update Solution Further Protects Customer Devices August 2015 Security Update Release Summary Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp Out-of-band release for Security Bulletin MS15-078 July 2015 Security Updates Advances in Scripting Security and Protection in Windows 10 and PowerShell V5 June 2015 Updates May 2015 Updates Microsoft Bounty Programs Expansion – Azure and Project Spartan April 2015 Updates EMET 5.2 is available (update) March 2015 Updates Security Advisory 3046015 released February 2015 Updates MS15-011 & MS15-014: Hardening Group Policy January 2015 Updates A Call for Better Coordinated Vulnerability Disclosure Evolving Microsoft's Advance Notification Service in 2015 December 2014 Updates Advance Notification Service for the December 2014 Security Bulletin Release Security Bulletin MS14-068 released Additional information about CVE-2014-6324 Out-of-band release for Security Bulletin MS14-068 Assessing Risk for the November 2014 Security Updates MS14-072: .NET Remoting Elevation of Privilege Vulnerability November 2014 Updates EMET 5.1 is available Advance Notification Service for the November 2014 Security Bulletin Release Security Advisory 3009008 updated Security Advisory 3010060 released Assessing Risk for the October 2014 Security Updates More Details About CVE-2014-4073 Elevation of Privilege Vulnerability October 2014 Updates Advance Notification Service for the October 2014 Security Bulletin Release BlueHat v14 is almost here Bug Bounty Evolution: Online Services September 2014 Security Bulletin Release Webcast and Q&A Assessing risk for the September 2014 security updates The September 2014 Security Updates Advance Notification Service for the September 2014 Security Bulletin Release Security Bulletin MS14-045 rereleased August 2014 Security Bulletin Webcast and Q&A Assessing risk for the August 2014 security updates August 2014 Security Updates Advance Notification Service for the August 2014 Security Bulletin Release Announcing EMET 5.0 General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0 July 2014 Security Bulletin Webcast and Q&A Security Advisory 2982792 released, Certificate Trust List updated Assessing risk for the July 2014 security updates July 2014 Security Bulletin Release Advance Notification Service for the July 2014 Security Bulletin Release Driving a Collectively Stronger Security Community with Microsoft Interflow Microsoft releases Security Advisory 2974294 June 2014 Security Bulletin Webcast and Q&A Assessing risk for the June 2014 security updates Theoretical Thinking and the June 2014 Bulletin Release Advance Notification Service for the June 2014 Security Bulletin Release An Overview of KB2871997 Meet myBulletins: an online security bulletin customization service May 2014 Security Bulletin Webcast and Q&A Assessing risk for the May 2014 security updates Load Library Safely MS14-025: An Update for Group Policy Preferences The May 2014 Security Updates Advance Notification Service for the May 2014 Security Bulletin Release Out-of-Band Release to Address Microsoft Security Advisory 2963983 Security Update Released to Address Recent Internet Explorer Vulnerability Continuing with Our Community Driven, Customer Focused Approach for EMET Protection strategies for the Security Advisory 2963983 IE 0day Microsoft releases Security Advisory 2963983 More Details about Security Advisory 2963983 IE 0day April 2014 Security Bulletin Webcast and Q&A Assessing risk for the April 2014 security updates MS14-019 – Fixing a binary hijacking via .cmd or .bat file The April 2014 Security Updates Advance Notification Service for the April 2014 Security Bulletin Release The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries Microsoft Releases Security Advisory 2953095 Security Advisory 2953095: recommendation to stay protected and for detections March 2014 Security Bulletin Webcast and Q&A When ASLR makes the difference Assessing risk for the March 2014 security updates The March 2014 Security Updates Advance Notification Service for the March 2014 Security Bulletin Release Announcing EMET 5.0 Technical Preview Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322 Microsoft Releases Security Advisory 2934088 February 2014 Security Bulletin Webcast and Q&A Assessing risk for the February 2014 security updates Safer Internet Day 2014 and Our February 2014 Security Updates Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A A Look Into the Future and the January 2014 Bulletin Release Assessing risk for the January 2014 security updates Advance Notification Service for the January 2014 Security Bulletin Release Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck Software defense: mitigating common exploitation techniques Assessing risk for the December 2013 security updates MS13-098: Update to enhance the security of Authenticode Omphaloskepsis and the December 2013 Security Update Release MS13-106: Farewell to another ASLR bypass Security Advisory 2916652 released, Certificate Trust List updated BlueHat v13 is Coming Advance Notification Service for December 2013 Security Bulletin Release Microsoft Releases Security Advisory 2914486 Security and policy surrounding bring your own devices (BYOD) MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck Assessing risk for the November 2013 security updates Authenticity and the November 2013 Security Updates Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1 Security Advisory 2868725: Recommendation to disable RC4 Security Advisory 2880823: Recommendation to discontinue use of SHA-1 Technical details of the targeted attack using IE vulnerability CVE-2013-3918 ActiveX Control issue being addressed in Update Tuesday Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release Software defense: safe unlinking and reference count hardening CVE-2013-3906: a graphics vulnerability exploited through Word documents Microsoft Releases Security Advisory 2896666 Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive Software Defense: mitigating heap corruption vulnerabilities Introduction: Chris Betz, new head of MSRC 10 years of Update Tuesdays October 2013 Security Bulletin Webcast, Q&A, and Slide Deck Assessing risk for the October 2013 security updates Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques! MS13-080 addresses two vulnerabilities under limited, targeted attacks An update on the bounty programs The October 2013 security updates Bounty News Update: Bountiful Harvest Advance Notification Service for October 2013 Security Bulletin Release Software Defense: mitigating stack corruption vulnerabilties Software Defense Series: Exploit mitigation and vulnerability detection CVE-2013-3893: Fix it workaround available Microsoft Releases Security Advisory 2887505 September 2013 Security Bulletin Webcast, Q&A, and Slide Deck Assessing risk for the September 2013 security updates Lovely tokens and the September 2013 security updates MS13-068: A difficult-to-exploit double free in Outlook Advance Notification Service for September 2013 Security Bulletin Release August 2013 Security Bulletin Webcast, Q&A, and Slide Deck Assessing risk for the August 2013 security updates Cryptographic Improvements in Microsoft Windows Leaving Las Vegas and the August 2013 security updates Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063 Advance Notification Service for August 2013 Security Bulletin Release The story of MS13-002: How incorrectly casting fat pointers can make your code explode Are you prepared for the BlueHat Challenge? Try something new – Beat the BlueHat Challenge!