October 2020 – Microsoft Security Response Center

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

MSRC / By Aanchal Gupta / October 29, 2020 October 29, 2020

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be …

Attacks exploiting Netlogon vulnerability (CVE-2020-1472) Read More »

[IT 管理者向け] DNS レコードを管理してサブドメインテイクオーバーを防ぐ

Japan Security Team / By jsecteam / October 27, 2020 October 27, 2020

サブドメインテイクオーバーは、以前から存在する一般的なセキュリティの問題ですが、クラウドサービスの利用増加に伴い、特に注意が必要になっています。マイクロソフトのサービスだけに発生する問題ではありませんが、Microsoft Azure を例に挙げながら、サブドメインテイクオーバーの概要、発生原因と対策について解説したいと思います。

Microsoft Digital Defense Report でサイバーセキュリティの動向を知る

Japan Security Team / By jsecteam / October 21, 2020 October 21, 2020

2020 年 9 月マイクロソフトは、昨年のサイバーセキュリティの動向を網羅した「Microsoft Digital Defense Report」と呼ばれる新しい年次報告書を発表しました。

Announcing the Top MSRC 2020 Q3 Security Researchers

MSRC / By Sylvie Liu / October 15, 2020 October 15, 2020

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3 Security Researcher Leaderboard are: David Dworken (1800 points), Cameron Vincent (1780 points), and Yuki Chen (1380 points). Congratulations to …

Announcing the Top MSRC 2020 Q3 Security Researchers Read More »

Security Analysis of CHERI ISA

Security Research & Defense / By MSRC Team / October 14, 2020 October 14, 2020

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory protection features against many exploited vulnerabilities, or in other words, an architectural solution that breaks exploits. We’ve looked at …

Security Analysis of CHERI ISA Read More »

2020 年 10 月のセキュリティ更新プログラム (月例)

Japan Security Team / By jsecteam / October 13, 2020 October 19, 2020

2020 年 10 月 14 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

MSRC / By Sylvie Liu / October 6, 2020 October 6, 2020

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for …

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community Read More »

Month: October 2020