January 2021 – Microsoft Security Response Center

サイバーセキュリティ月間 2021

Japan Security Team / By jsecteam / January 31, 2021 March 18, 2021

今年もサイバーセキュリティ月間 (2 月 1 日～3 月 18 日) が始まりました。サイバーセキュリティ月間とは、内閣サイバーセキュリティセンター (NISC) がサイバーセキュリティに関する普及啓発活動を強化する目的で実施している取り組みです。日本マイクロソフトも 2 月から 3 月にかけて様々なセキュリティの啓発活動を実施していきます。その中で、日本セキュリティチームからは、一般ユーザーに向けたセキュリティに関する情報を発信していきます。

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472

MSRC / By Aanchal Gupta / January 14, 2021 January 14, 2021

Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the …

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 Read More »

Top MSRC 2020 Q4 Security Researchers – Congratulations!

MSRC / By Lynn Miyashita / January 14, 2021 January 15, 2021

We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter (Q4)! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the 2020 Q4 Security Researcher Leaderboard are: Cameron …

Top MSRC 2020 Q4 Security Researchers – Congratulations! Read More »

Security Update Guide Supports CVEs Assigned by Industry Partners

MSRC / By MSRC Team / January 13, 2021 March 17, 2021

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was started back …

Security Update Guide Supports CVEs Assigned by Industry Partners Read More »

2021 年 1 月のセキュリティ更新プログラム (月例)

Japan Security Team / By jsecteam / January 12, 2021 January 12, 2021

2021 年 1 月 13 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

Building Faster AMD64 Memset Routines

Security Research & Defense / By Joe Bialek / January 11, 2021 January 11, 2021

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the ExAllocatePool2/ExAllocatePool3 API’s which zero memory by default. Where possible the compiler will unroll calls to memset. This means …

Building Faster AMD64 Memset Routines Read More »

Month: January 2021