Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be distributed to multiple regions, allowing you to deploy this …

Acquiring a VHD to Investigate Read More »

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to the cloud and show one solution to overcome these challenges, using …

Scalable infrastructure for investigations and incident response Read More »

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. The affected …

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) Read More »

August 2019 Security Updates

We have released the August security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

August 2019 Security Updates Read More »

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)

Today Microsoft announced the MAPP program Top Vulnerability Contributors, Top Threat Indicator Submitters, and Top Zero-Day Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. While all MAPP partners have made a significant …

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP) Read More »

Announcing 2019 MSRC Most Valuable Security Researchers

Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing the Microsoft’s customers and the broader ecosystem. For over a decade, one of Microsoft’s partners in vulnerability …

Announcing 2019 MSRC Most Valuable Security Researchers Read More »

Corporate IoT – a path to intrusion

Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large …

Corporate IoT – a path to intrusion Read More »

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure.  To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000.  But we aren’t stopping there.   To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst …

Azure Security Lab: a new space for Azure research and collaboration Read More »