We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer …
Microsoft Internal Solorigate Investigation – Final Update Read More »
2021 年 2 月 9 日 (日本時間) に、マイクロソフトは TCP/IP の実装に影響を与えるセキュリティ脆弱性に対する修正をリリースしました。それらは、2 件の深刻度評価が緊急のリモートのコード実行 (RCE) の脆弱性 (CVE-2021-24074, CVE-2021-24094) と、1 件の深刻度評価が重要のサービス拒否 (DoS) の脆弱性 (CVE-2021-24086) です。
Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher (MVR) and MSRC Contributor are tiers in …
Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move …
Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We’re happy to make this valuable public information more freely available …
Continuing to Listen: Good News about the Security Update Guide API! Read More »
The Report Abuse (CERT) Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community of reporters, we continue to gain insightful perspectives into the various types of attacks that threaten our online services, our cloud, and our customers. To further commit to MSRC’s mission of responding to and defending against these types of security incidents, our team has …