Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
MSRC team
Draft of Microsoft Security Servicing Commitments for Windows
Updated September 10, 2018
The Servicing Criteria for Windows has transitioned to an official document and can be found at the link below. Microsoft thanks the members of the research community who provided feedback on the draft copy.
Microsoft Security Servicing Criteria for Windows
2018 年 6 月のセキュリティ更新プログラム (月例)
2018/6/21 更新: 2 件のセキュリティ アドバイザリ ADV180016 および ADV180010 の情報を追加しました。 -——————– 2018 年 6 月 13 日 (日本時間)、マ
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
In January, 2018, Microsoft published an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (SSB) which has been assigned CVE-2018-3639.
May 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
MSRC team
BlueHat v18 Announced & Call for Papers Opens
We are back! Microsoft is excited to announce the next installment of the BlueHat Security Conference – BlueHat v18. We will be holding the event at Microsoft’s headquarter campus September 25-27, 2018. This year we are adding the option for workshops and networking on the first day prior to the content beginning.
Hyper-V Debugging Symbols Are Publicly Available
The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make significant investment in the security of Hyper-V and the powerful security features that it enables, such as Virtualization-Based Security (VBS).
Recognizing Q3 Top 5 Bounty Hunters
Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our third quarter (January-March 2018).
挙動監視と機械学習で大規模な「Dofoil」によるコイン マイニング攻撃を阻止
本記事は、Microsoft Secure のブログ “Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign” (2018 年