MS – 보안 대응 센터

Microsoft Security Response Center

Should You Send Your Pen Test Report to the MSRC?

2018-11-13 KENNETH 0

Should You Send Your Pen Test Report to the MSRC? Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the issue are extremely helpful and actionable. If you send these reports to us, thank you! Customers seeking to evaluate and harden their environments may ask penetration testers to probe their deployment and report on the findings. These reports can help that customer find and correct security risk(s) in their deployment. The catch is that the pen test report findings need to be evaluated in the context of that customer’s group policy objects, mitigations, tools, and [ more… ]

No Image

October 2018 Security Update Release

2018-10-10 KENNETH 0

October 2018 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team Source: October 2018 Security Update Release

No Image

Standing behind “MSRC Listens”

2018-10-03 KENNETH 0

Standing behind “MSRC Listens” Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. We promised to communicate more about what’s happening in the MSRC that affects our customers and research partners. We weren’t expecting to get an opportunity to demonstrate this commitment quite so soon. Back in June 2018, Microsoft updated the terms and conditions of our mitigation bypass bounty. As Joe Bialek of MSRC’s Vulnerabilities & Mitigations Team explained in a blog about the scope change, we’ve learned a lot from the great research into CFG bypasses and what we need to do to harden it, so we removed it from the [ more… ]

No Image

September 2018 Security Update Release

2018-09-12 KENNETH 0

September 2018 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team Source: September 2018 Security Update Release

Inside MSRC: Sharing Our Story & Customer Tips

2018-09-08 KENNETH 0

Inside MSRC: Sharing Our Story & Customer Tips For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security.  We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture.  Today we are releasing a series of videos that support that customer-driven story on our YouTube channel: https://www.youtube.com/playlist?list=PLXkmvDo4Mfut_ejSGJkLXDSUsH0uUtBC5.     This set of short video clips gives customers a glance into the commitment we put into our daily work and suggests ways they can incorporate similar principles into their work.  Security is a joint effort and together we can make a difference.   Videos released:   The Microsoft Security Response Center video delivers a brief introduction on the current state of [ more… ]