Month: May 2022

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows Server 2012 R2 5015805 Download Windows …

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability Read More »

An overview of account pre-hijacking attacks.

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researcher Avinash Sudhodanan, investigated account pre-hijacking – a new class of …

New Research Paper: Pre-hijacking Attacks on Web User Accounts Read More »

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side when he is working late. Origin of his Hacker name: The word dog in Spanish is …

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards Read More »

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provide updated tools and guidance to help organizations …

Anatomy of a Security Update Read More »

JPSRT LOGO

2022 年 5 月のセキュリティ更新プログラム (月例)

2022 年 5 月 10 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキュリティ更新プログラムを公開しました。お客様はできるだけ早期に、公開されたセキュリティ更新プログラムを適用するようお願いします。最新の情報は、セキュリティ更新プログラム ガイドMSRを確認してください

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole. The vulnerability could …

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) Read More »