Year: 2017

The MSRC 2017 list of “Top 100” security researchers

Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft. This list …

The MSRC 2017 list of “Top 100” security researchers Read More »

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG, …

Announcing the Windows Bounty Program Read More »

EnglishmansDentist Exploit Analysis

Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on the exploit named EnglishmansDentist designed to target Exchange Server 2003. …

EnglishmansDentist Exploit Analysis Read More »

Eternal Synergy Exploit Analysis

Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly interesting because many of the exploitation steps are purely packet-based, …

Eternal Synergy Exploit Analysis Read More »

[IT 管理者向け] TLS 1.2 への移行を推奨しています

こんにちは、垣内由梨香です   データを暗号化し安全にやり取りを行う Transport Layer Security (TLS)。TLS は利用しているが、詳細なバージョンまでは把握してない、そんな方も多いのではないでしょうか?暗号プロトコルは「使ってさえいれば安全」ではありません。現在の脅威に対応できるバージョンのみを利用しリスクを下げることが重要です。 マイクロソフトでは、より安全な TLS 1.2 へ移行していくことを推奨しています。

July 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. MSRC team

Petya ランサムウェア攻撃に対する Windows 10 プラットフォームのレジリエンス

2017 年 6 月 27 日に発生した Petya ランサムウェアによる攻撃 (このブログで詳細分析を実施 (英語情報)) は、先月の WannaCrypt (WannaCry としても知られる) 攻撃よりも影響が大きい事態として認識されているかもしれません。なぜなら、Petya は WannaCrypt と同じ SMB のエクスプロイトを悪用し、さらに 2 つ目のエクスプロイトとその他の横断的な侵害手法を追加しているからです。しかし、テレメトリでは攻撃の蔓延範囲は WannaCrypt よりも少なく示されています。

Eternal Champion Exploit Analysis

Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the latest mitigations in Windows 10 break the exploit as-written. …

Eternal Champion Exploit Analysis Read More »