MS – 보안 대응 센터

Microsoft Launches a New Recognition Program for MAPP Partners There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank Microsoft Active Protections Program (MAPP) partners for all they do to protect our customers, including awards and evangelism based on their contributions. MAPP provides better protections for customers through: Early access to monthly security release information, allowing partners to proactively apply protections prior to the release date Sharing of threat indicators Reporting vulnerabilities in Microsoft products and following Coordinated Vulnerability Disclosure (CVD) In the last six months, MAPP partners have provided 430 unique vulnerability reports and submitted nearly 158 million threat indicators. This data helps Microsoft harden [ more… ]

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.  Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update [ more… ]

May 2019 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Source: May 2019 Security Update Release

April 2019 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Security Update Update Tuesday Source: April 2019 Security Update Release