How Brad Schlintz built a life of freedom and impact through security research

At Microsoft Security Response Center MSRC, we celebrate the diverse paths that bring researchers to our community. Brad Schlintz’s story is one of curiosity, resilience, and a relentless drive to learn, spanning rural beginnings, career pivots, and a life shaped by both technology and travel. In...

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this...

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potentia...

Public Exploit Released for Windows 10 Bug

Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...

Celebrating 20 Years of Trustworthy Computing

20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing TwC initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider MSP. Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary...

Threat Source newsletter (May 23)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity...

Recognizing Q4 Top 5 Bounty Hunters

We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies...

Recognizing Q3 Top 5 Bounty Hunters

Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft...

September 7, 2017 – Morning Cyber Coffee Headlines – “NFL Kickoff” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 7, 2017 - Headlines Carbon Black in the News: Milton Security Announc...

As Bug Bounties Become the Norm, Challenges Remain

SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...

Dennis Fisher and Mike Mimoso Discuss Bug Bounties, Bitcoin and the Apple Report

Dennis Fisher and Mike Mimoso talk about the major stories from the last couple of weeks, including the changes to the Microsoft bug bounty program, the new Internet bug bounty, the Apple transparency report and a new paper on a weakness in Bitcoin. Download: digitalunderground133.mp3...

MSN messenger improper file transfer ip-address field parsing

MSN Messenger bug Release Date: 20/11/03 Discovery date: Sometime around 2001 or 2000 Versions Affected: ------------------ Msn messenger 1.0 - msn messenger 6.0.0602 Windows messenger all versions Not Affected: ------------ Msn Messenger 6.1, trillian, gaim Description: ----------- A bug exists ...

nt4+sp4.y2k.txt

Date: Tue, 23 Mar 1999 18:31:34 -0500 From: Ilya Slavin To: [email protected] Subject: NT Y2K issue post SP4 Those of you who are in the process of deploying SP4 or are planning to do so should be aware that a new Y2K problem was discovered in this service pack. Here's the scoop. I...