What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Microsoft.webp 2023-05-09 00:00:00 May 2023 Security Updates (Monthly)
(direct link)
On May 9, 2023 (US time), to fix vulnerabilities affecting Microsoft products, Microsoft …
★★
Microsoft.webp 2023-05-09 00:00:00 Guidance related to Secure Boot Manager changes associated with CVE-2023-24932
(direct link)
Summary: Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.
Vulnerability ★★★
Microsoft.webp 2023-04-18 00:00:00 Publication of the vulnerability severity classification for Microsoft online services
(direct link)
This blog post is an abridged translation of Microsoft Vulnerability Severity Classification for Online Services Publication. Please refer to the original for the latest information. …
Vulnerability ★★
Microsoft.webp 2023-04-18 00:00:00 Microsoft Vulnerability Severity Classification for Online Services Publication
(direct link)
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.
Vulnerability ★★
Microsoft.webp 2023-04-13 00:00:00 Congratulations to the Top MSRC 2023 Q1 Security Researchers!
(direct link)
Congratulations to all the researchers recognized in this quarter's Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of researchers recognized this quarter here.
★★
Microsoft.webp 2023-04-11 00:00:00 Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
(direct link)
This blog post is an abridged translation of Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access. Please refer to the original for the latest information. Summary …
★★
Microsoft.webp 2023-04-11 00:00:00 April 2023 Security Updates (Monthly)
(direct link)
On April 11, 2023 (US time), to fix vulnerabilities affecting Microsoft products, Microsoft …
★★
Microsoft.webp 2023-04-11 00:00:00 Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
(direct link)
Summary: Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.
★★★
Microsoft.webp 2023-03-30 00:00:00 Guidance on potential misconfiguration of authorization of multi-tenant applications that use Azure AD (direct link) This blog post is an abridged translation of Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD. Please refer to the original for the latest information.
General Information ★★
Microsoft.webp 2023-03-29 00:00:00 Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD (direct link) Summary: Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.
★★
Microsoft.webp 2023-03-14 06:00:00 Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (direct link) Summary: Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for New Technology LAN Manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure. Vulnerability Threat ★★★
Microsoft.webp 2023-03-14 00:00:00 Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (direct link) This blog post is an abridged translation of Microsoft Mitigates Outlook Elevation of Privilege Vulnerability. Please refer to the original for the latest information. Microsoft Threat Intelligence … Vulnerability Threat
Microsoft.webp 2023-03-14 00:00:00 March 2023 Security Updates (Monthly) (direct link) On March 14, 2023 (US time), to fix vulnerabilities affecting Microsoft products, Microsoft …
Microsoft.webp 2023-03-01 00:00:00 Azure Kubernetes Service (AKS) Threat Hunting (direct link) As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases. Threat Uber ★★★
Microsoft.webp 2023-03-01 00:00:00 Configuring host-level audit logging for AKS VMSS (direct link) This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning: The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future. Uber ★★★
Microsoft.webp 2023-02-28 00:00:00 First steps in CHERIoT Security Research (direct link) At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important. ★★
Microsoft.webp 2023-02-14 00:00:00 February 2023 Security Updates (Monthly) (direct link) On February 14, 2023 (US time), to fix vulnerabilities affecting Microsoft products, Microsoft …
Microsoft.webp 2023-02-09 13:14:00 New MSRC Blog Site (direct link) As of February 9, 2023 (US time), the MSRC blog site has been renewed. From February 9, 2023 (US time) onward, https://msrc.microsoft.com/blog … ★★
Microsoft.webp 2023-02-08 18:12:51 New MSRC Blog Site (direct link) ★★★
Microsoft.webp 2023-02-07 00:24:00 BlueHat 2023: Connecting the security research community with Microsoft (direct link) General Information ★★
Microsoft.webp 2023-01-31 10:15:00 Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process (direct link) Threat ★★
Microsoft.webp 2023-01-26 18:00:00 (Déjà vu) Congratulations to the Top MSRC 2022 Q4 Security Researchers! (direct link) ★★★
Microsoft.webp 2023-01-17 14:00:00 Microsoft resolves four SSRF vulnerabilities in Azure cloud services (direct link) ★★★
Microsoft.webp 2023-01-06 17:25:09 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API (direct link) ★★★
Microsoft.webp 2022-12-29 21:21:27 Security Update Guide Improvement – Representing Hotpatch Updates (direct link) ★★
Microsoft.webp 2022-12-02 21:58:21 BlueHat 2023: Applications to Attend NOW OPEN! (direct link) ★★
Microsoft.webp 2022-11-29 18:16:55 A Ride on the Wild Side with Hacking Heavyweight Sick Codes (direct link) ★★★
Microsoft.webp 2022-11-16 18:58:00 Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) (direct link)
Microsoft.webp 2022-11-03 00:46:06 Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) (direct link)
Microsoft.webp 2022-11-01 13:00:00 Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB (direct link) Vulnerability
Microsoft.webp 2022-10-31 16:50:00 Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People (direct link)
Microsoft.webp 2022-10-24 17:10:00 (Déjà vu) Congratulations to the Top MSRC 2022 Q3 Security Researchers! (direct link) ★★★
Microsoft.webp 2022-10-19 14:04:00 Investigation Regarding Misconfigured Microsoft Storage Location (direct link)
Microsoft.webp 2022-10-19 13:01:00 Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk (direct link)
Microsoft.webp 2022-10-13 16:00:00 Hunting for Cobalt Strike: Mining and plotting for fun and profit (direct link)
Microsoft.webp 2022-10-13 14:00:00 BlueHat 2023 Call for Papers is Now Open! (direct link)
Microsoft.webp 2022-10-12 17:05:11 Improvements in Security Update Notifications Delivery – And a New Delivery Method (direct link)
Microsoft.webp 2022-09-30 06:55:00 Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (direct link)
Microsoft.webp 2022-09-20 17:17:00 Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance (direct link)
Microsoft.webp 2022-09-07 20:56:09 Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez (direct link)
Microsoft.webp 2022-09-06 08:09:36 What's the smallest variety of CHERI? (direct link)
Microsoft.webp 2022-09-01 15:00:11 Vulnerability Fixed in Azure Synapse Spark (direct link)
Microsoft.webp 2022-08-11 16:00:00 Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards (direct link)
Microsoft.webp 2022-08-09 17:20:21 Security Update Guide Notification System News: Create your profile now (direct link)
Microsoft.webp 2022-08-08 17:30:00 Congratulations to the MSRC 2022 Most Valuable Researchers! (direct link)
Microsoft.webp 2022-08-08 09:30:00 Microsoft Office to publish symbols starting August 2022 (direct link)
Microsoft.webp 2022-07-28 17:00:00 Anatomy of a Cloud-Service Security Update (direct link)
Microsoft.webp 2022-07-19 16:15:00 Congratulations to the Top MSRC 2022 Q2 Security Researchers! (direct link)
Microsoft.webp 2022-07-18 13:40:00 Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability (direct link) Vulnerability
Microsoft.webp 2022-07-13 14:35:02 All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity (direct link)
Last update at: 2024-05-20 05:07:47