LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

A proof-of-concept PoC exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol LDAP that could trigger a denial-of-service DoS condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 CVSS score: 7.5. It was addressed ...

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen,...

Congratulations to the Top MSRC 2023 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboard are Yuki Chen,...

Congratulations to the Top MSRC 2023 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboard are: Yuki Chen...

Congratulations to the Top MSRC 2022 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi...

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime

Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC Remote Procedure Call runtime: CVE-2022-24492 and CVE-2022-24528 discovered by Yuki Chen with Cyber KunLun...

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated...

Top MSRC 2020 Q4 Security Researchers – Congratulations!

We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter Q4! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the...

Congratulating Our Top 2020 Q1 Security Researchers!

Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter Q1 Security Researcher Leaderboard, listing our top contributing researchers for the last...

Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely...