Microsoft Security Response Centerの新着記事はこちら
Announcing BlueHat 2024: Call for Papers now open
Congratulations to the MSRC 2024 Most Valuable Security Researchers!
Microsoft Bounty Program Year in Review: $16.6M in Rewards
Introducing the MSRC Researcher Resource Center
Congratulations to the Top MSRC 2024 Q2 Security Researchers!
Announcing the CVRF API 3.0 upgrade
What’s new in the MSRC Report Abuse Portal and API
Toward greater transparency: Unveiling Cloud Service CVEs
Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning
Improved Guidance for Azure Network Service Tags
Congratulations to the Top MSRC 2024 Q1 Security Researchers!
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft
Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft
New Security Advisory Tab Added to the Microsoft Security Update Guide
Congratulations to the Top MSRC 2023 Q4 Security Researchers!
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
BlueHat India Call for Papers is Now Open!
Microsoft addresses App Installer abuse
Azure Serial Console Attack and Defense - Part 2
Introducing the Microsoft Defender Bounty Program
Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded
Reflecting on 20 years of Patch Tuesday
Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI
Congratulations to the Top MSRC 2023 Q3 Security Researchers!
Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2
Cybersecurity Awareness Month 2023: Elevating Security Together
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217
Journey Down Under: How Rocco Became Australia’s Premier Hacker
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
Results of Major Technical Investigations for Storm-0558 Key Acquisition
Azure Serial Console Attack and Defense - Part 1
Congratulations to the MSRC 2023 Most Valuable Security Researchers!
Updating our Vulnerability Severity Classification for AI Systems
Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
BlueHat October 2023 Call for Papers is Now Open!
Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form
From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!
What to expect when reporting vulnerabilities to Microsoft
Congratulations to the Top MSRC 2023 Q2 Security Researchers!
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator
Potential Risk of Privilege Escalation in Azure AD Applications
Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks
Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry
Hey Yara, find some vulnerabilities
Announcing The BlueHat Podcast: Listen and Subscribe Now!
Guidance related to Secure Boot Manager changes associated with CVE-2023-24932
Microsoft Vulnerability Severity Classification for Online Services Publication
Congratulations to the Top MSRC 2023 Q1 Security Researchers!
Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
Azure Kubernetes Service (AKS) Threat Hunting
Configuring host-level audit logging for AKS VMSS
First steps in CHERIoT Security Research
New MSRC Blog Site
BlueHat 2023: Connecting the security research community with Microsoft
Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process
Congratulations to the Top MSRC 2022 Q4 Security Researchers!
Microsoft resolves four SSRF vulnerabilities in Azure cloud services
Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
Security Update Guide Improvement – Representing Hotpatch Updates
BlueHat 2023: Applications to Attend NOW OPEN!
A Ride on the Wild Side with Hacking Heavyweight Sick Codes
Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People
Congratulations to the Top MSRC 2022 Q3 Security Researchers!
Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk
Investigation Regarding Misconfigured Microsoft Storage Location
BlueHat 2023 Call for Papers is Now Open!
Hunting for Cobalt Strike: Mining and plotting for fun and profit
Improvements in Security Update Notifications Delivery - And a New Delivery Method
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance
Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez
What’s the smallest variety of CHERI?
Vulnerability Fixed in Azure Synapse Spark
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Security Update Guide Notification System News: Create your profile now
Congratulations to the MSRC 2022 Most Valuable Researchers!
Microsoft Office to publish symbols starting August 2022
Anatomy of a Cloud-Service Security Update
Congratulations to the Top MSRC 2022 Q2 Security Researchers!
Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability
All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity
Microsoft Mitigates Azure Site Recovery Vulnerabilities
Service Fabric Privilege Escalation from Containerized Workloads on Linux
A Man of Action: Meet Callum Carney
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
New Research Paper: Pre-hijacking Attacks on Web User Accounts
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
Anatomy of a Security Update
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs
Microsoft’s Response to CVE-2022-22965 Spring Framework
On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program
Randomizing the KUSER_SHARED_DATA Structure on Windows
Increasing Representation of Women in Security Research
Randomizing the KUSER_SHARED_DATA Structure on Windows
Exploring a New Class of Kernel Exploit Primitive
Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens
Cyber threat activity in Ukraine: analysis and resources
Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help
Congratulations to the Top MSRC 2021 Q4 Security Researchers!
Expanding the Microsoft Researcher Recognition Program
An Armful of CHERIs
Coming Soon: New Security Update Guide Notification System
Azure App Service Linux source repository exposure
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
BlueHat is Back!
We’re Excited to Announce the Launch of Comms Hub!
New High Impact Scenarios and Awards for the Azure Bounty Program
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions
Coordinated disclosure of vulnerability in Azure Container Instances Service
Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature
Announcing the Launch of the Azure SSRF Security Research Challenge
Point and Print Default Behavior Change
Congratulations to the MSRC 2021 Most Valuable Security Researchers!
Introducing Bounty Awards for Teams Mobile Applications Security Research
Announcing the Top MSRC 2021 Q2 Security Researchers - Congratulations!
Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Investigating and Mitigating Malicious Drivers
New Nobelium activity
“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
Congratulating Our Top MSRC 2021 Q1 Security Researchers!
April 2021 Update Tuesday packages now available
Introducing Bounty Awards for Teams Desktop Client Security Research
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities
One-Click Microsoft Exchange On-Premises Mitigation Tool - March 2021
Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021
A new experience for reporting copyright or trademark infringement on Microsoft Services
On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021
Microsoft Internal Solorigate Investigation - Final Update
MSRC Security Researcher Recognition: 2021
Continuing to Listen: Good News about the Security Update Guide API!
Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
New and Improved Report Abuse Portal and API!
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
Top MSRC 2020 Q4 Security Researchers – Congratulations!
Security Update Guide Supports CVEs Assigned by Industry Partners
Building Faster AMD64 Memset Routines
Microsoft Internal Solorigate Investigation Update
Nobelium Resource Center - updated March 4, 2021
Customer Guidance on Recent Nation-State Cyber Attacks
Security Update Guide: Let's keep the conversation going
Vulnerability Descriptions in the New Version of the Security Update Guide
Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
Announcing the Top MSRC 2020 Q3 Security Researchers
Security Analysis of CHERI ISA
Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community
New and improved Security Update Guide!
Control Flow Guard for Clang/LLVM and Rust
Congratulations to the MSRC’s 2020 Most Valuable Security Researchers
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Microsoft Joins Open Source Security Foundation
Black Hat 2020: See you in the Cloud!
Updates to the Windows Insider Preview Bounty Program
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!
July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server
Solving Uninitialized Kernel Pool Memory on Windows
Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack
Solving Uninitialized Stack Memory on Windows
Azure Sphere Security Research Challenge Now Open
The Safety Boat: Kubernetes and Rust
Congratulating Our Top 2020 Q1 Security Researchers!
March 2020 security updates are available
Calling for security research in Azure Sphere, now generally available
February 2020 security updates are available
Recognizing Security Researchers in 2020
Announcing the Xbox Bounty program
Access Misconfiguration for Customer Support Database
Announcing MSRC 2019 Q4 Security Researcher Leaderboard
January 2020 security updates are available!
January 2020 Security Updates: CVE-2020-0601
Announcing the Microsoft Identity Research Project Grant
December 2019 security updates are available
Customer Guidance for the Dopplepaymer Ransomware
BlueHat Seattle videos are online!
November 2019 security updates are available!
Using Rust in Windows
Vulnerability hunting with Semmle QL: DOM XSS
Time for day 2 of briefings at BlueHat Seattle!
Welcome to the second stage of BlueHat!
Microsoft Identity Bounty Improvements
Introducing the ElectionGuard Bounty program
Announcing the Security Researcher Quarterly Leaderboard
An intern's experience with Rust
Designing a COM library for Rust
October 2019 security updates are available!
Building the Azure IoT Edge Security Daemon in Rust
MSRC is going to ROOTCON!
Meet the BlueHat Content Advisory Board
Calling all breakers & builders: BlueHat Seattle registration is open!
Attacking the VM Worker Process
September 2019 Security Updates
Acquiring a VHD to Investigate
BlueHat Seattle 2019 Call for Papers is Now Open!
Scalable infrastructure for investigations and incident response
Announcing the Microsoft Edge Insider Bounty
August 2019 Security Updates
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)
Announcing 2019 MSRC Most Valuable Security Researchers
Azure Security Lab: a new space for Azure research and collaboration
Corporate IoT - a path to intrusion
Recognizing Security Researchers in 2019
It’s Official – The Way We Recognize Our Security Researchers
Meet the MSRC at Black Hat 2019
Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)
Why Rust for safe systems programming
We need a safer systems programming language
Announcing the Microsoft Dynamics 365 Bounty program
A proactive approach to more secure code
July 2019 Security Update Release
Inside the MSRC – Building your own security incident response process
Inside the MSRC – Anatomy of a SSIRP incident
Inside the MSRC – Customer-centric incident response
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)
June 2019 security update release
A Reminder to Update Your Systems to Prevent a Worm
BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world
Microsoft Launches a New Recognition Program for MAPP Partners
Time travel debugging: It’s a blast! (from the past)
May 2019 Security Update Release
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
April 2019 Security Update Release
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
Vulnerability hunting with Semmle QL, part 2
Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration
Call for Papers | Microsoft BlueHat Shanghai 2019
March 2019 Security Update Release
Practical advice for earning higher Microsoft bounty awards
BlueHat Shanghai 2019 Call for Papers is Now Open!
February 2019 Security Update Release
Fuzzing para-virtualized devices in Hyper-V
Microsoft’s Cyber Defense Operations Center shares best practices
Announcing the Microsoft Azure DevOps Bounty program
January 2019 Security Update Release
December 2018 Security Update Release
December 2018 Security Update Release
First Steps in Hyper-V Research
November 2018 Security Update Release
Should You Send Your Pen Test Report to the MSRC?
BlueHat v18 Content Now Available
October 2018 Security Update Release
Standing behind “MSRC Listens”
Behind BlueHat: The Art
September 2018 Security Update Release
Microsoft Security Servicing Criteria for Windows
Inside MSRC: Sharing Our Story & Customer Tips
Vulnerability hunting with Semmle QL, part 1
August 2018 Security Update Release
Analysis and mitigation of L1 Terminal Fault (L1TF)
Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition
Announcing the BlueHat v18 Schedule
The Making of the Top 100 Researcher List
Recognizing Q4 Top 5 Bounty Hunters
Microsoft launches Identity Bounty program
July 2018 Security Update Release
Announcing Changes to Microsoft’s Mitigation Bypass Bounty
Draft of Microsoft Security Servicing Commitments for Windows
June 2018 Security Update Release
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
May 2018 security update release
BlueHat v18 Announced & Call for Papers Opens
Hyper-V Debugging Symbols Are Publicly Available
Recognizing Q3 Top 5 Bounty Hunters
April 2018 security update release
Triaging a DLL planting vulnerability
KVA Shadow: Mitigating Meltdown on Windows
Mitigating speculative execution side channel hardware vulnerabilities
Speculative Execution Bounty Launch
March 2018 security update release
Inside the MSRC– The Monthly Security Update Releases
February 2018 security update release
Inside the MSRC – How we recognize our researchers
January 2018 security update release
December 2017 security update release
Clarifying the behavior of mandatory ASLR
November 2017 security update release
October 2017 security update release
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
Extending the Microsoft Office Bounty Program
September 2017 security update release
Announcing the BlueHat v17 Schedule
Moving Beyond EMET II – Windows Defender Exploit Guard
August 2017 security update release
The MSRC 2017 list of “Top 100” security researchers
Announcing the Windows Bounty Program
EnglishmansDentist Exploit Analysis
Eternal Synergy Exploit Analysis
July 2017 security update release
Eternal Champion Exploit Analysis
Update on Petya malware attacks
Extending the Microsoft Edge Bounty Program
Tales from the MSRC: from pixels to POC
June 2017 security update release
BlueHat v17 Call for Papers Opens
Extending Microsoft Edge Bounty Program
Customer Guidance for WannaCrypt attacks
Coming together to address Encapsulated PostScript (EPS) attacks
May 2017 security update release
Taking your feedback on the Security Update Guide
Bountycraft at Nullcon 2017
Protecting customers and evaluating risk
April 2017 security update release
Announcing the new Bug Bounty Program for Office Insider Builds on Windows
Microsoft BlueHat v17 Dates Announced - Update 4/3/2017
March 2017 security update release
Office 365 security researchers: Double your bounties March-May 2017
SHA-1 Collisions Research
Adobe Flash Player security vulnerability release
February 2017 security update release
EMET 5.52 update is now available
January 2017 security update release
December 2016 security update release
Furthering our commitment to security updates
November 2016 security update release
Moving Beyond EMET
BlueHat v16 Keynote announced
October 2016 security update release
BlueHat IL 2017 Announced
Security Engineering Evolution in Office 2016 for Mac
Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms
September 2016 security update release
Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty
BlueHat v16 Schedule Announced
August 2016 security update release
Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty
July 2016 security update release
June 2016 security update release
Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty
BlueHat v16 Announced
May 2016 security update release
Changes to Security Update Links
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty
April 2016 Security Update Release
Microsoft Bounty Programs Announce Expansion - Bounty for Microsoft OneDrive
March 2016 Security Update Release
February 2016 Security Update Release Summary
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available
January 2016 Security Update Release Summary
Triaging the exploitability of IE/EDGE crashes
December 2015 Security Update Release Summary
BlueHat v15 Announces Schedule and Registration
November 2015 Security Update Release Summary
EMET: To be, or not to be, A Server-Based Protection Mechanism
Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available
Announcing BlueHat v15 Conference
October 2015 Security Update Release Summary
September 2015 Security Update Release Summary
What makes a good Microsoft Defense Bounty submission?
Security Update Solution Further Protects Customer Devices
August 2015 Security Update Release Summary
Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick
Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp
Out-of-band release for Security Bulletin MS15-078
July 2015 Security Updates
Advances in Scripting Security and Protection in Windows 10 and PowerShell V5
June 2015 Updates
May 2015 Updates
Microsoft Bounty Programs Expansion – Azure and Project Spartan
April 2015 Updates
EMET 5.2 is available (update)
March 2015 Updates
Security Advisory 3046015 released
February 2015 Updates
MS15-011 & MS15-014: Hardening Group Policy
January 2015 Updates
A Call for Better Coordinated Vulnerability Disclosure
Evolving Microsoft's Advance Notification Service in 2015
December 2014 Updates
Advance Notification Service for the December 2014 Security Bulletin Release
Security Bulletin MS14-068 released
Additional information about CVE-2014-6324
Out-of-band release for Security Bulletin MS14-068
Assessing Risk for the November 2014 Security Updates
MS14-072: .NET Remoting Elevation of Privilege Vulnerability
November 2014 Updates
EMET 5.1 is available
Advance Notification Service for the November 2014 Security Bulletin Release
Security Advisory 3009008 updated
Security Advisory 3010060 released
Assessing Risk for the October 2014 Security Updates
More Details About CVE-2014-4073 Elevation of Privilege Vulnerability
October 2014 Updates
Advance Notification Service for the October 2014 Security Bulletin Release
BlueHat v14 is almost here
Bug Bounty Evolution: Online Services
September 2014 Security Bulletin Release Webcast and Q&A
Assessing risk for the September 2014 security updates
The September 2014 Security Updates
Advance Notification Service for the September 2014 Security Bulletin Release
Security Bulletin MS14-045 rereleased
August 2014 Security Bulletin Webcast and Q&A
Assessing risk for the August 2014 security updates
August 2014 Security Updates
Advance Notification Service for the August 2014 Security Bulletin Release
Announcing EMET 5.0
General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0
July 2014 Security Bulletin Webcast and Q&A
Security Advisory 2982792 released, Certificate Trust List updated
Assessing risk for the July 2014 security updates
July 2014 Security Bulletin Release
Advance Notification Service for the July 2014 Security Bulletin Release
Driving a Collectively Stronger Security Community with Microsoft Interflow
Microsoft releases Security Advisory 2974294
June 2014 Security Bulletin Webcast and Q&A
Assessing risk for the June 2014 security updates
Theoretical Thinking and the June 2014 Bulletin Release
Advance Notification Service for the June 2014 Security Bulletin Release
An Overview of KB2871997
Meet myBulletins: an online security bulletin customization service
May 2014 Security Bulletin Webcast and Q&A
Assessing risk for the May 2014 security updates
Load Library Safely
MS14-025: An Update for Group Policy Preferences
The May 2014 Security Updates
Advance Notification Service for the May 2014 Security Bulletin Release
Out-of-Band Release to Address Microsoft Security Advisory 2963983
Security Update Released to Address Recent Internet Explorer Vulnerability
Continuing with Our Community Driven, Customer Focused Approach for EMET
Protection strategies for the Security Advisory 2963983 IE 0day
Microsoft releases Security Advisory 2963983
More Details about Security Advisory 2963983 IE 0day
April 2014 Security Bulletin Webcast and Q&A
Assessing risk for the April 2014 security updates
MS14-019 – Fixing a binary hijacking via .cmd or .bat file
The April 2014 Security Updates
Advance Notification Service for the April 2014 Security Bulletin Release
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries
Microsoft Releases Security Advisory 2953095
Security Advisory 2953095: recommendation to stay protected and for detections
March 2014 Security Bulletin Webcast and Q&A
When ASLR makes the difference
Assessing risk for the March 2014 security updates
The March 2014 Security Updates
Advance Notification Service for the March 2014 Security Bulletin Release
Announcing EMET 5.0 Technical Preview
Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
Microsoft Releases Security Advisory 2934088
February 2014 Security Bulletin Webcast and Q&A
Assessing risk for the February 2014 security updates
Safer Internet Day 2014 and Our February 2014 Security Updates
Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release
Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A
A Look Into the Future and the January 2014 Bulletin Release
Assessing risk for the January 2014 security updates
Advance Notification Service for the January 2014 Security Bulletin Release
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Software defense: mitigating common exploitation techniques
Assessing risk for the December 2013 security updates
MS13-098: Update to enhance the security of Authenticode
Omphaloskepsis and the December 2013 Security Update Release
MS13-106: Farewell to another ASLR bypass
Security Advisory 2916652 released, Certificate Trust List updated
BlueHat v13 is Coming
Advance Notification Service for December 2013 Security Bulletin Release
Microsoft Releases Security Advisory 2914486
Security and policy surrounding bring your own devices (BYOD)
MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Assessing risk for the November 2013 security updates
Authenticity and the November 2013 Security Updates
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1
Security Advisory 2868725: Recommendation to disable RC4
Security Advisory 2880823: Recommendation to discontinue use of SHA-1
Technical details of the targeted attack using IE vulnerability CVE-2013-3918
ActiveX Control issue being addressed in Update Tuesday
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release
Software defense: safe unlinking and reference count hardening
CVE-2013-3906: a graphics vulnerability exploited through Word documents
Microsoft Releases Security Advisory 2896666
Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive
Software Defense: mitigating heap corruption vulnerabilities
Introduction: Chris Betz, new head of MSRC
10 years of Update Tuesdays
October 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Assessing risk for the October 2013 security updates
Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques!