msrc-blog

Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal.

Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal.

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers.

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers.

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.

2021 年 8 月 11 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.

本記事は「Point and Print Default Behavior Change」の日本語抄訳です。 “PrintNightmare” と総称されるいくつかの脆弱性を調査した