No Image

November 2018 Security Update Release

2018-11-14 KENNETH 0

November 2018 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.   More information about this month’s security updates can be found on the Security Update Guide.  Source: November 2018 Security Update Release

Should You Send Your Pen Test Report to the MSRC?

2018-11-13 KENNETH 0

Should You Send Your Pen Test Report to the MSRC? Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the issue are extremely helpful and actionable. If you send these reports to us, thank you! Customers seeking to evaluate and harden their environments may ask penetration testers to probe their deployment and report on the findings. These reports can help that customer find and correct security risk(s) in their deployment. The catch is that the pen test report findings need to be evaluated in the context of that customer’s group policy objects, mitigations, tools, and [ more… ]

No Image

October 2018 Security Update Release

2018-10-10 KENNETH 0

October 2018 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team Source: October 2018 Security Update Release

No Image

Standing behind “MSRC Listens”

2018-10-03 KENNETH 0

Standing behind “MSRC Listens” Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. We promised to communicate more about what’s happening in the MSRC that affects our customers and research partners. We weren’t expecting to get an opportunity to demonstrate this commitment quite so soon. Back in June 2018, Microsoft updated the terms and conditions of our mitigation bypass bounty. As Joe Bialek of MSRC’s Vulnerabilities & Mitigations Team explained in a blog about the scope change, we’ve learned a lot from the great research into CFG bypasses and what we need to do to harden it, so we removed it from the [ more… ]

No Image

September 2018 Security Update Release

2018-09-12 KENNETH 0

September 2018 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team Source: September 2018 Security Update Release