What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Microsoft.webp 2024-04-08 00:00:00 Toward greater transparency: Adopting the CWE standard for Microsoft CVEs (direct link)
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide this data to our Product Engineering teams to enable them to systematically understand and eradicate security risks.
Vulnerability ★★★
Microsoft.webp 2024-02-27 00:00:00 Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope (direct link)
Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.
Vulnerability ★★★
Microsoft.webp 2023-12-07 00:00:00 Microsoft Mitigates Three Vulnerabilities in Azure HDInsight (direct link)
Summary Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third party components of Azure HDInsight. Access to the target cluster as an authenticated user was a prerequisite for exploitation in all three cases. A successful privilege escalation could result in the attacker assuming the Cluster Administrator role.
Vulnerability ★★★
Microsoft.webp 2023-11-21 00:00:00 Introducing the Microsoft Defender Bounty Program (direct link)
We are excited to announce the new Microsoft Defender Bounty Program with awards of up to $20,000 USD. The Microsoft Defender brand encompasses a variety of products and services designed to enhance the security of the Microsoft customer experience. The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team.
Vulnerability ★★
Microsoft.webp 2023-11-20 00:00:00 Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded (direct link)
This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These individuals have discovered and reported vulnerabilities under Coordinated Vulnerability Disclosure, aiding Microsoft in navigating the continuously evolving security threat landscape and emerging technologies.
Vulnerability Threat ★★★
Microsoft.webp 2023-11-14 00:00:00 Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI (direct link)
Summary The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto's Prisma Cloud, found that Azure CLI commands could be used to show sensitive data and output to Continuous Integration and Continuous Deployment (CI/CD) logs.
Vulnerability Cloud ★★★
Microsoft.webp 2023-10-10 00:00:00 Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 (direct link)
Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.
Vulnerability ★★
Microsoft.webp 2023-10-02 00:00:00 Microsoft's Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 (direct link)
Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: **CVE-2023-4863**: Microsoft Edge, Microsoft Teams for Desktop, Skype for Desktop, Webp Image Extensions (Released on Windows and updates through Microsoft Store) **CVE-2023-5217**
Vulnerability ★★
Microsoft.webp 2023-09-18 00:00:00 Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token (direct link)
Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.
Vulnerability ★★
Microsoft.webp 2023-08-08 00:00:00 Updating our Vulnerability Severity Classification for AI Systems (direct link)
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.
Vulnerability ★★
Microsoft.webp 2023-08-08 00:00:00 Congratulations to the MSRC 2023 Most Valuable Security Researchers! (direct link)
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year's top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.
Vulnerability ★★
Microsoft.webp 2023-08-04 00:00:00 Microsoft mitigates Power Platform Custom Code information disclosure vulnerability (direct link)
Summary On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all customers and no customer remediation action is required.
Vulnerability ★★
Microsoft.webp 2023-07-14 02:00:00 What to Expect When Reporting Vulnerabilities to Microsoft (direct link)
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed.
Vulnerability Threat ★★
Microsoft.webp 2023-06-08 00:00:00 Hey Yara, find some vulnerabilities (direct link)
Intro Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, and we use tools to help us identify patterns or vulnerability signatures. Yara is one of those tools. Yara is a very popular tool with Blue teams, malware researchers, and for good reason.
Malware Tool Vulnerability Cloud ★★
Microsoft.webp 2023-05-09 00:00:00 Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 (direct link)
Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.
Vulnerability ★★★
Microsoft.webp 2023-04-18 00:00:00 Publication of the vulnerability severity classification for Microsoft online services (direct link)
This blog is an abridged translation of Microsoft Vulnerability Severity Classification for Online Services Publication. Please refer to the original for the latest information. マイク
Vulnerability ★★
Microsoft.webp 2023-04-18 00:00:00 Microsoft Vulnerability Severity Classification for Online Services Publication (direct link)
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.
Vulnerability ★★
Microsoft.webp 2023-03-14 06:00:00 Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (direct link) Summary Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure. Vulnerability Threat ★★★
Microsoft.webp 2023-03-14 00:00:00 Microsoft mitigates Outlook elevation of privilege vulnerability (direct link) This blog is an abridged translation of Microsoft Mitigates Outlook Elevation of Privilege Vulnerability. Please refer to the original for the latest information. Microsoft Threat Intelligence は Vulnerability Threat
Microsoft.webp 2022-11-01 13:00:00 Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB (direct link) Vulnerability
Microsoft.webp 2022-07-18 13:40:00 Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability (direct link) Vulnerability
Microsoft.webp 2022-05-30 23:25:16 Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability (direct link) Tool Vulnerability
Microsoft.webp 2022-05-09 16:01:49 Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) (direct link) Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole. The vulnerability could … Vulnerability ★★★★
Microsoft.webp 2022-04-28 12:30:00 Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution (direct link) MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user … Vulnerability
Microsoft.webp 2022-03-08 18:10:24 Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint (direct link) Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure. Cybercriminals are looking for any opening to tamper with security protections in order to blind, confuse, or … Vulnerability
Microsoft.webp 2022-03-07 14:36:45 Disclosure of Vulnerability in Azure Automation Managed Identity Tokens (direct link) On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identities tokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens. Microsoft has notified customers with affected Automation accounts. Microsoft recommends following the … Vulnerability
Microsoft.webp 2022-02-01 18:00:00 Expanding the Microsoft Researcher Recognition Program (direct link) The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more security researchers in more ways for their contributions to protecting customers, and we published the first new leaderboard … Vulnerability Guideline
Microsoft.webp 2021-12-22 18:07:24 Azure App Service Linux source repository exposure (direct link) MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible … Vulnerability
Microsoft.webp 2021-12-12 05:28:18 Microsoft's Response to CVE-2021-44228 Apache Log4j 2 (direct link) Published on: 2021 Dec 11 SUMMARY Microsoft is investigating the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical … Tool Vulnerability
Microsoft.webp 2021-10-18 16:30:00 New High Impact Scenarios and Awards for the Azure Bounty Program (direct link) Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft's holistic approach to defending … Vulnerability
Microsoft.webp 2021-09-08 22:00:00 Coordinated disclosure of vulnerability in Azure Container Instances Service (direct link) Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI). Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability. Vulnerability
Microsoft.webp 2021-08-27 20:22:58 Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature (direct link) On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this … Vulnerability
Microsoft.webp 2021-08-04 16:00:00 Congratulations to the MSRC 2021 Most Valuable Security Researchers! (direct link) The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year's Most Valuable Security Researchers (MVRs) based on the impact, accuracy, and volume of their reports. Congratulations to each of our MSRC … Vulnerability
Microsoft.webp 2021-07-09 01:00:42 Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability (direct link) On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. We encourage customers to update as soon as possible. CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability. Following the out of band release … Vulnerability
Microsoft.webp 2021-07-08 16:00:00 Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards (direct link) Partnering with the security research community is an important part of Microsoft's holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), researchers continue to help us secure millions of customers. Over the past 12 months, Microsoft … Vulnerability
Last update at: 2024-05-20 11:08:02