Lucene search
+L

1371 matches found

MSRC
MSRC
added 2 days ago3 views

Congratulations to the top MSRC 2026 Q2 security researchers!

Congratulations to the researchers recognized in the MSRC 2026 Q2 Security Researcher Leaderboard. This quarter marks the final quarterly points-based leaderboard as we transition to our updated researcher recognition program. We are grateful for the contributions of the security research communi...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/07/06 12:0 a.m.6 views

Congratulations to the MSRC 2026 Most Valuable Security Researchers

We are grateful to every security researcher who partnered with us over the past year. Through their reports and collaboration, they helped us identify and address vulnerabilities across our products and services...

6AI score
Exploits0
MSRC
MSRC
added 2026/06/30 12:0 a.m.8 views

Exploring the cloud: How Matthew Jensen approaches Azure security research

For Matthew Jensen, a career in security wasn't part of some carefully planned roadmap...

5.8AI score
Exploits0
MSRC
MSRC
added 2026/05/27 12:0 a.m.14 views

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...

5.8AI score
Exploits0
MSRC
MSRC
added 2026/05/22 12:0 a.m.28 views

From sixteen to methodical: Firas Fatnassi’s evolution as a security researcher

Firas has been interested in technology for as long as he can remember. Growing up in Tunisia, he was drawn to mobile phones, gaming consoles, and anything that hinted at how systems worked beneath the surface. But for a long time, security research did not feel accessible...

5.9AI score
Exploits0
MSRC
MSRC
added 2026/05/22 12:0 a.m.11 views

From sixteen to methodical: Firas Fatnassi’s evolution as a security researcher

Firas has been interested in technology for as long as he can remember. Growing up in Tunisia, he was drawn to mobile phones, gaming consoles, and anything that hinted at how systems worked beneath the surface. But for a long time, security research did not feel accessible...

6AI score
Exploits0
MSRC
MSRC
added 2026/05/12 12:0 a.m.11 views

A note on this month's Patch Tuesday

Each Patch Tuesday looks a little different. Some months are quieter, others are larger. This month's release sits on the larger side of a hotpatch month, and we expect releases to continue trending larger for some time. Every update reflects investments we have made across the development...

5.8AI score
Exploits0
MSRC
MSRC
added 2026/04/22 12:0 a.m.8 views

From first report to MVR: Harun’s path in cloud security research

Harun’s relationship with technology began early, driven by curiosity rather than obligation. While still in high school, he taught himself Pascal and C simply because he wanted to understand how things worked. Those languages never became central to his professional career, but they shaped how h...

5.7AI score
Exploits0
MSRC
MSRC
added 2026/04/13 12:0 a.m.6 views

Zero Day Quest 2026: $2.3 million awarded for vulnerability research

Protecting customers is at the core of Zero Day Quest. During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors. Together,...

5.8AI score
Exploits0
MSRC
MSRC
added 2026/04/07 12:0 a.m.11 views

Strengthening secure software at global scale: How MSRC is evolving with AI

Cybersecurity has always been a race between defenders and attackers, constrained by human time, attention, and scale. What is changing now is the level of capability available to apply security fundamentals with far greater reach and speed...

5.8AI score
Exploits0
MSRC
MSRC
added 2026/04/06 12:0 a.m.5 views

Congratulations to the top MSRC 2026 Q1 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

5.9AI score
Exploits0
MSRC
MSRC
added 2026/03/04 12:0 a.m.9 views

The research never stops: Zhiniang Peng’s security research story

Some security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started with curiosity and cybersecurity magazines...

5.9AI score
Exploits0
MSRC
MSRC
added 2026/02/20 12:0 a.m.14 views

From arcades to Azure: Felix’s security research journey

When you talk with Felix, you quickly get the sense that he has always been propelled by curiosity and by a need for something that truly challenges him. Today, he is a successful independent security researcher who uncovers vulnerabilities across Microsoft cloud services. However, his path into...

5.6AI score
Exploits0
MSRC
MSRC
added 2026/02/13 12:0 a.m.20 views

Submit your research: BlueHat 2026 Call for Papers is open

The next BlueHat Conference will take placeMay 5 - 6, 2026, on Microsoft’s Redmond campus in Washington State, USA. TheCall for Papers CFP is now open and closes February 28, 2026...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/02/12 12:0 a.m.9 views

Fixing the script: Journey to reduce XSS exposure

Cross‑site scripting XSS remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than root causes. Across vulnerability reports and incident response investigations, both within Microso...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/02/09 12:0 a.m.11 views

How Asem Eleraky went from a shared family PC to finding critical vulnerabilities

In the world of vulnerability research, origin stories are rarely linear. For Asem Eleraky, the path to becoming a Microsoft MVR began not in a SOC lab or a university classroom, but with a single family PC and a short daily window to explore his growing interest in cybersecurity...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/02/06 12:0 a.m.12 views

From points to payouts: The evolution of the Microsoft security researcher leaderboard

The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...

5.4AI score
Exploits0
MSRC
MSRC
added 2026/01/29 12:0 a.m.14 views

“The bugs pick you”: Inside Wouter’s security research journey

If you ask Wouter when his security journey began, he’ll take you back to a childhood in the Netherlands, tinkering with the 8086 PC his parents brought home when he was five or six. That early curiosity, fueled by racing games, trial-and-error exploration, and a tendency to pull things apart jus...

5.9AI score
Exploits0
MSRC
MSRC
added 2026/01/18 12:0 a.m.7 views

URL Threat Detection: How Scanning Code Comments Prevented a Supply Chain Attack

Software supply chain attacks have become one of the most dangerous vectors for compromising enterprise and government systems. In 2025, Microsoft's security infrastructure detected a subtle but dangerous threat: a typo squatted URL embedded in...

6AI score
Exploits0
MSRC
MSRC
added 2026/01/05 12:0 a.m.15 views

Congratulations to the top MSRC 2025 Q4 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7AI score
Exploits0
MSRC
MSRC
added 2025/12/11 12:0 a.m.13 views

Evolving our approach to coordinated security research: In scope by default

Today at Black Hat Europe, I raised our commitment to customer security through our partnerships with the security research community...

7AI score
Exploits0
MSRC
MSRC
added 2025/12/09 12:0 a.m.7 views

How Brad Schlintz built a life of freedom and impact through security research

At Microsoft Security Response Center MSRC, we celebrate the diverse paths that bring researchers to our community. Brad Schlintz’s story is one of curiosity, resilience, and a relentless drive to learn, spanning rural beginnings, career pivots, and a life shaped by both technology and travel. In...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/11/18 12:0 a.m.10 views

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting XSS is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities...

6.1AI score
Exploits0
MSRC
MSRC
added 2025/11/09 12:0 a.m.11 views

INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol

When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations V&M team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...

7AI score
Exploits0
MSRC
MSRC
added 2025/10/31 12:0 a.m.6 views

You asked, we delivered: Introducing new features for an improved security experience

At the Microsoft Security Response Center MSRC, your feedback drives our innovation. Every enhancement we deliver starts with listening to the security community and our customers. Based on your input, we’ve introduced three new features designed to make your experience more efficient, transparen...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/10/30 12:0 a.m.15 views

A deep dive into MUTZ

AtDEF CON 33, we shared our research into MapUrlToZone, a critical Windows security component that determines whether a given path is local, on the intranet, or on the broader Internet. This classification drives several security decisions across Windows, for example, preventing a CreateFile call...

7.1AI score
Exploits0
MSRC
MSRC
added 2025/10/28 12:0 a.m.14 views

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...

9.9CVSS6.9AI score0.65838EPSS
Exploits5
MSRC
MSRC
added 2025/10/22 12:0 a.m.7 views

Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/10/16 12:0 a.m.10 views

Congratulations to the top MSRC 2025 Q3 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7AI score
Exploits0
MSRC
MSRC
added 2025/09/04 7:0 a.m.18 views

Why XSS still matters: MSRC’s perspective on a 25-year-old threat

Cross-Site Scripting XSS has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native architectures. At Microsoft, we still receive a steady stream of XSS reports across our services, fr...

5.7AI score
Exploits0
MSRC
MSRC
added 2025/08/27 7:0 a.m.12 views

BlueHat Asia 2025: Closing soon: Submit your papers by September 14, 2025

The next chapter of the Microsoft Security Response Center’s MSRC BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 14, 2025. Now in it...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/08/27 7:0 a.m.23 views

BlueHat Asia 2025: Closing soon: Submit your papers by September 5, 2025

The next chapter of the Microsoft Security Response Center’s MSRC BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 5, 2025. Now in its...

7.4AI score
Exploits0
MSRC
MSRC
added 2025/08/25 7:0 a.m.10 views

postMessaged and Compromised

At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/08/05 7:0 a.m.11 views

Microsoft Bounty Program year in review: $17 million in rewards

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/08/04 7:0 a.m.19 views

Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...

7.4AI score
Exploits0
MSRC
MSRC
added 2025/07/31 7:0 a.m.9 views

.NET Bounty Program now offers up to $40,000 in awards

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...

7.5AI score
Exploits0
MSRC
MSRC
added 2025/07/31 7:0 a.m.15 views

.NET Bounty Program now offers up to $40,000 in awards

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...

7.5AI score
Exploits0
MSRC
MSRC
added 2025/07/29 7:0 a.m.71 views

How Microsoft defends against indirect prompt injection attacks

Summary The growing adoption of large language models LLMs in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models LLMs to process untrusted data...

7.7AI score
Exploits0
MSRC
MSRC
added 2025/07/19 7:0 a.m.25 views

Customer guidance for SharePoint vulnerability CVE-2025-53770

Revision Change Date 1.0 Information published 07/19/25 2.0 Clarified affected SharePoint product in summary 07/20/25 Added fix availability guidance Provided additional protections guidance regarding: Upgrade SharePoint products to supported versions if required Install July 2025 Security Update...

9.8CVSS6.4AI score0.99979EPSS
Exploits41
MSRC
MSRC
added 2025/07/15 7:0 a.m.39 views

Congratulations to the MSRC 2025 Most Valuable Security Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuabl...

7.5AI score
Exploits0
MSRC
MSRC
added 2025/07/07 7:0 a.m.26 views

Congratulations to the top MSRC 2025 Q2 security researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/07/01 7:0 a.m.16 views

Rising star: Meet Dylan, MSRC’s youngest security researcher

At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center MSRC. His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/06/25 7:0 a.m.12 views

RedirectionGuard: Mitigating unsafe junction traversal in Windows

As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In respons...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/05/09 7:0 a.m.13 views

Congratulations to the Top MSRC 2025 Q1 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q1 Security Researcher Leaderboard are 0x140ce,...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/04/21 7:0 a.m.9 views

Zero Day Quest 2025: $1.6 million awarded for vulnerability research

This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact securit...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/04/21 7:0 a.m.27 views

Zero Day Quest 2025: $1.6 million awarded for vulnerability research

This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact securit...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/03/14 7:0 a.m.29 views

Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject)

We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning IEEE...

7.9AI score
Exploits0
MSRC
MSRC
added 2025/03/13 7:0 a.m.13 views

Jailbreaking is (mostly) simpler than you think

Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack CCA, that has...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/02/07 8:0 a.m.22 views

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/01/21 8:0 a.m.11 views

Scaling Dynamic Application Security Testing (DAST)

Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development...

7.4AI score
Exploits0
Total number of security vulnerabilities1371