2017 年 3 月 15 日 (日本時間)、マイクロソフトは計 18 件 (緊急 9 件、重要 9 件) の新規セキュリティ情報を公開し
Category: Uncategorized
March 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
Security bulletins were also published this month to give customers extra time to ensure they are ready to transition their processes.
Office 365 のセキュリティ研究者の皆さまへ: 2017 年 3 月 ~ 5 月は報奨金が 2 倍になります
本記事は、Microsoft Security Response Center のブログ “Office 365 security researchers: Double your bounties March-May 2017” (2017 年 3 月 1 日 米国時間
Office 365 security researchers: Double your bounties March-May 2017
Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a security flaw in our Office 365 services, they should be awarded for protecting us.
SHA-1 Collisions Research
Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue, a milestone in cryptanalysis that has been underway for the past decade.
Adobe Flash Player security vulnerability release
Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about these updates can be found on the Security Update Guide.
MSRC team
Adobe Flash Player の脆弱性を修正するセキュリティ更新プログラムを定例外で公開
本日、セキュリティ情報 MS17-005「Adobe Flash Player のセキュリティ更新プログラム」を公開しました。
Security Assessment
A proper assessment of an organization’s security posture must be performed at the network level and at the OS and application level. Below are some sample questions that are asked and evaluated with a risk profile based from ALE (annual loss expectancy), or consequences as it relates to a (EF) exposure factor with Risk/Breach.Column content
A countermeasure is a security control that is strategically designed to eliminate a vulnerability or at least reduce the likelihood of a vulnerability being exploited. The value of implementing countermeasures is the mitigation of potential risks. The costs of countermeasures involve more than just monetary allocations. There are several areas that need to be assessed and evaluated regarding countermeasure implementations, such as:
-
Network Level Security
-
Cloud-based
-
Hosted-Based and OS
-
Application layer
A Configuration Management Database (CMDB) is a repository that acts as a data warehouse for Information Technology (IT) installations. It holds data mapped to a collection of IT assets commonly referred to as Configuration Items (CI), as well as to descriptive relationships between the assets.
* Can you create some diagram to visualize this process? Even hand drawing will work. I can make the graph in PowerPoint or something.