In January 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of a new speculative execution side channel vulnerability known as L1 Terminal Fault (L1TF) which has been assigned CVE-2018-3615 (for SGX), CVE-2018-3620 (for operating systems and SMM), and CVE-2018-3646 (for virtualization).
Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition
This morning we are excited to unveil the security researcher leaderboard at the Black Hat Security Conference. This list recognizes the top security researchers who have contributed research to the Microsoft products and services. If you are curious on how we build the list, check out our blog from last week on The Making of the Top 100 Researcher List.
Announcing the BlueHat v18 Schedule
Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat v18.
The Making of the Top 100 Researcher List
At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center (MSRC). We appreciate all the partnership and coordination that goes on throughout the year.
Recognizing Q4 Top 5 Bounty Hunters
We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our fourth quarter.
EMET サポート終了 – Windows Defender Exploitation Guard へ移行を
こんにちは、垣内ゆりかです。 2009 年にリリースされて以来、最先端の攻撃緩和を追加する無償のツールとして、
Microsoft launches Identity Bounty program
Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions.
July 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
Announcing Changes to Microsoft’s Mitigation Bypass Bounty
Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard (CFG) from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change.
Mitigation Bypass Bounty Background Mitigation Bypass Bounty Background Microsoft started the Mitigation Bypass Bounty in 2013 with the goal of helping us improve key defense-in-depth mitigation technologies by learning about bypasses.