Author: cisadmin

We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows.
The Office Bug Bounty Program complements our continuous internal engineering investments that include designing secure features through threat modeling, security in code reviews, security automation, and internal penetration testing.

Update – The Call For Papers (CFP) for BlueHat v17 will be held from 6/1/2017 – 8/18/2017. We will be setting up a submissions portal for web based submissions of papers. The portal will be live on 6/1/2017. Please do not send submissions to [email protected].
Microsoft is pleased to announce that the dates for BlueHat v17 have been set for November 8-9, 2017, here in Redmond, WA USA.

2017 年 3 月 15 日 (日本時間)、マイクロソフトは計 18 件 (緊急 9 件、重要 9 件) の新規セキュリティ情報を公開し

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
Security bulletins were also published this month to give customers extra time to ensure they are ready to transition their processes.

本記事は、Microsoft Security Response Center のブログ “Office 365 security researchers: Double your bounties March-May 2017” (2017 年 3 月 1 日 米国時間

Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a security flaw in our Office 365 services, they should be awarded for protecting us.

Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue, a milestone in cryptanalysis that has been underway for the past decade.

Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about these updates can be found on the Security Update Guide.
MSRC team

本日、セキュリティ情報 MS17-005「Adobe Flash Player のセキュリティ更新プログラム」を公開しました。