本記事は、Microsoft Secure のブログ “How artificial intelligence stopped an Emotet outbreak” (2018 年 2 月 14 日 米国時間公開)
April 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide.
DLL の植え付けの脆弱性のトリアージ
本記事は、Security Research & Defense のブログ “Triaging a DLL planting vulnerability” (2018 年 4 月
Triaging a DLL planting vulnerability
DLL planting (aka binary planting/hijacking/preloading) resurface every now and then, it is not always clear on how Microsoft will respond to the report. This blog post will try to clarify the parameters considered while triaging DLL planting issues.
It is well known that when an application loads a DLL without specifying a fully qualified path, Windows attempts to locate the DLL by searching a well-defined set of directories in an order known as DLL search order.
投機的実行に関する報奨金プログラムの開始
本記事は、Microsoft Security Response Center のブログ “Speculative Execution Bounty Launch” (2016 年 3 月 14 日 米国
KVA Shadow: Mitigating Meltdown on Windows
On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post dives into the technical details of Kernel Virtual Address (KVA) Shadow which is the Windows kernel mitigation for one specific speculative execution side channel: the rogue data cache load vulnerability (CVE-2017-5754, also known as “Meltdown” or “Variant 3”).
Speculative Execution Bounty Launch
Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.
Mitigating speculative execution side channel hardware vulnerabilities
On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown) that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chance to learn about these issues, we recommend watching The Case of Spectre and Meltdown by the team at TU Graz from BlueHat Israel, reading the blog post by Jann Horn (@tehjh) of Google Project Zero, or reading the FOSDEM 2018 presentation by Jon Masters of Red Hat.
March 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice.
More information about this month’s security updates can be found in the Security Update Guide.