Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2014/09/09 7:0 a.m.14 views

The September 2014 Security Updates

Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage you...

7.3AI score
Exploits0
MSRC
MSRC
added 2013/08/13 7:0 a.m.14 views

Assessing risk for the August 2013 security updates

Today we released eight security bulletins addressing 23 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...

7AI score
Exploits0
MSRC
MSRC
added 2026/02/20 12:0 a.m.13 views

From arcades to Azure: Felix’s security research journey

When you talk with Felix, you quickly get the sense that he has always been propelled by curiosity and by a need for something that truly challenges him. Today, he is a successful independent security researcher who uncovers vulnerabilities across Microsoft cloud services. However, his path into...

5.6AI score
Exploits0
MSRC
MSRC
added 2026/01/05 12:0 a.m.13 views

Congratulations to the top MSRC 2025 Q4 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7AI score
Exploits0
MSRC
MSRC
added 2025/10/30 12:0 a.m.13 views

A deep dive into MUTZ

AtDEF CON 33, we shared our research into MapUrlToZone, a critical Windows security component that determines whether a given path is local, on the intranet, or on the broader Internet. This classification drives several security decisions across Windows, for example, preventing a CreateFile call...

7.1AI score
Exploits0
MSRC
MSRC
added 2024/11/19 8:0 a.m.13 views

Securing AI and Cloud with the Zero Day Quest

Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and...

7.4AI score
Exploits0
MSRC
MSRC
added 2024/07/31 7:0 a.m.13 views

Introducing the MSRC Researcher Resource Center

Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/11/20 8:0 a.m.13 views

Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded

This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These...

7.5AI score
Exploits0
MSRC
MSRC
added 2023/10/05 7:0 a.m.13 views

Cybersecurity Awareness Month 2023: Elevating Security Together

As the 20th anniversary of Cybersecurity Awareness Month begins, I find myself reflecting on the strides made since its inception. The journey to enhance and improve cybersecurity is ongoing and extends beyond October. It’s not merely a technological challenge; it is fundamentally about people...

6.8AI score
Exploits0
MSRC
MSRC
added 2023/06/14 7:0 a.m.13 views

Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry

Summary Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry ACR. Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target users session within the...

6.8AI score
Exploits0
MSRC
MSRC
added 2023/03/29 7:0 a.m.13 views

Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access...

7.1AI score
Exploits0
MSRC
MSRC
added 2023/01/17 8:0 a.m.13 views

Microsoft resolves four SSRF vulnerabilities in Azure cloud services

Summary Summary Microsoft recently fixed a set of Server-Side Request Forgery SSRF vulnerabilities in four Azure services Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins reported by Orca Security. These SSRF vulnerabilities were determined to be low risk as...

2.7AI score
Exploits0
MSRC
MSRC
added 2022/12/13 8:0 a.m.13 views

2022 年 12 月のセキュリティ更新プログラム (月例)

2022 年 12 月 13 日 米国時間 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/10/13 7:0 a.m.13 views

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...

7.1AI score
Exploits0
MSRC
MSRC
added 2022/10/12 7:0 a.m.13 views

Improvements in Security Update Notifications Delivery - And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide SUG. A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/09/20 7:0 a.m.13 views

Azure Identity SDK と Azure Key Vault SDKに関する多層防御のためのアップデートとベストプラクティスの実装ガイダンス

本ブログは、Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance の抄訳版です。最新の情報は...

1.9AI score
Exploits0
MSRC
MSRC
added 2022/08/12 7:0 a.m.13 views

1年間のバグ報奨金プログラム レビュー: 報奨金 $13.7M

本ブログは、Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards の抄訳版です。最新の情報は原文を参照してください。 Microsoft...

2.4AI score
Exploits0
MSRC
MSRC
added 2022/08/08 7:0 a.m.13 views

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most...

0.8AI score
Exploits0
MSRC
MSRC
added 2022/07/19 7:0 a.m.13 views

Azure Storage SDK でのクライアントサイド暗号化におけるパディング オラクル の脆弱性を軽減

本ブログは、Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability の抄訳版です。最新の情報は原文を参照してください。...

1.5AI score
Exploits0
MSRC
MSRC
added 2022/04/15 7:0 a.m.13 views

影響の大きいシナリオにおけるマイクロソフトのバグ報奨金プログラムの拡大

本ブログは、Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programsの抄訳版です。最新の情報は原文を参照し...

1.8AI score
Exploits0
MSRC
MSRC
added 2022/04/05 7:0 a.m.13 views

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to discover and report high-impact security...

1.1AI score
Exploits0
MSRC
MSRC
added 2022/03/30 7:0 a.m.13 views

Randomizing the KUSER_SHARED_DATA Structure on Windows

Opps, this post exists, but was actually published 4/5/2022. We're navigating you to the correct page now. If that doesn't work click the link below: Randomizing the KUSERSHAREDDATA Structure on Windows – Microsoft Security Response Center...

7.2AI score
Exploits0
MSRC
MSRC
added 2022/03/30 7:0 a.m.13 views

Randomizing the KUSER_SHARED_DATA Structure on Windows

Opps, this post exists, but was actually published 4/5/2022. Were navigating you to the correct page now. If that doesnt work click the link below: Randomizing the KUSERSHAREDDATA Structure on Windows – Microsoft Security Response Center...

1.7AI score
Exploits0
MSRC
MSRC
added 2021/11/17 8:0 a.m.13 views

アプリケーションおよびサービス プリンシパル API での Azure Active Directory (AD) keyCredential プロパティの情報漏えいに関するガイダンス

本ブログは、“Guidance for Azure Active Directory AD keyCredential property Information Disclosure in Application and Service Principal APIs” の抄訳版です。最新の情報は、原本...

2.1AI score
Exploits0
MSRC
MSRC
added 2021/04/29 7:0 a.m.13 views

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These...

3.4AI score
Exploits0
MSRC
MSRC
added 2021/02/10 8:0 a.m.13 views

MSRC Security Researcher Recognition: 2021

Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher MVR and MSRC...

1.8AI score
Exploits0
MSRC
MSRC
added 2021/02/09 8:0 a.m.13 views

Continuing to Listen: Good News about the Security Update Guide API!

Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. Were happy to make this valuable public...

3.2AI score
Exploits0
MSRC
MSRC
added 2020/11/10 8:0 a.m.13 views

セキュリティ更新プログラム リリース スケジュール (2021 年)

2021 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/04/21 7:0 a.m.13 views

安心・安全に利用するために : 基本のセキュリティ設定を確認しましょう (Windows 10)

昨今は、リモートワークのために、企業や組織で新たに持ち出し用デバイスを展開したり、あるいは、個人で所...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/04/09 7:0 a.m.13 views

リモート環境における更新プログラム適用の考慮事項

マイクロソフトは通常通り、4 月の月例セキュリティ更新日 2020 年 4 月 15 日 日本時間 に、定例のセキュリティ更...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/02/11 8:0 a.m.13 views

2020 年 2 月のセキュリティ更新プログラム (月例)

2020 年 2 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/02/11 8:0 a.m.13 views

February 2020 security updates are available

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

6.7AI score
Exploits0
MSRC
MSRC
added 2020/01/15 8:0 a.m.13 views

Announcing MSRC 2019 Q4 Security Researcher Leaderboard

Following the first Security Researcher Quarterly Leaderboard we published in October 2019, we are excited to announce the MSRC Q4 2019 Security Researcher Leaderboard, which shows the top contributing researchers for the last quarter. In each quarterly leaderboard, we recognize the security...

2.7AI score
Exploits0
MSRC
MSRC
added 2019/11/06 8:0 a.m.13 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­...

6.5AI score
Exploits0
MSRC
MSRC
added 2019/10/23 7:0 a.m.13 views

セキュリティ更新プログラム リリース スケジュール (2020 年)

2019 年のリリース スケジュールは「セキュリティ更新プログラム リリース スケジュール 2019 年」をご覧ください。...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/09/03 7:0 a.m.13 views

Acquiring a VHD to Investigate

In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating and maintaining a VM image which can be...

2.1AI score
Exploits0
MSRC
MSRC
added 2019/07/22 7:0 a.m.13 views

Why Rust for safe systems programming

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...

2.6AI score
Exploits0
MSRC
MSRC
added 2019/07/16 7:0 a.m.13 views

A proactive approach to more secure code

What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre MSRC has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019...

1AI score
Exploits0
MSRC
MSRC
added 2019/06/25 9:21 p.m.13 views

Inside the MSRC – Customer-centric incident response

The Microsoft Security Response Center MSRC is an integral part of Microsoft’s Cyber Defense Operations Center CDOC that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24×7, the CDOC has...

0.7AI score
Exploits0
MSRC
MSRC
added 2019/06/11 11:48 p.m.13 views

2019 年 6 月のセキュリティ更新プログラム (月例)

2019 年 6 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/06/11 7:0 a.m.13 views

June 2019 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...

2.9AI score
Exploits0
MSRC
MSRC
added 2019/05/31 7:0 a.m.13 views

BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world

Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueH...

0.8AI score
Exploits0
MSRC
MSRC
added 2019/05/29 5:33 p.m.13 views

Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center MSRC works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...

1.5AI score
Exploits0
MSRC
MSRC
added 2019/01/17 8:0 a.m.13 views

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...

2.4AI score
Exploits0
MSRC
MSRC
added 2018/09/11 7:0 a.m.13 views

September 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...

2.7AI score
Exploits0
MSRC
MSRC
added 2018/02/13 8:0 a.m.13 views

2018 年 2 月のセキュリティ更新プログラム (月例)

更新履歴 2018/2/15 更新: ADV180005 の公開に関する情報を追記しました。 -------------------- 2018 年 2 月 14 日 日本時間、マイクロソフトは以下...

0.3AI score
Exploits0
MSRC
MSRC
added 2018/01/09 6:16 p.m.13 views

January 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
MSRC
MSRC
added 2017/07/26 7:0 a.m.13 views

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

1.3AI score
Exploits0
MSRC
MSRC
added 2017/05/09 7:0 a.m.13 views

Coming together to address Encapsulated PostScript (EPS) attacks

Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the...

1.7AI score
Exploits0
MSRC
MSRC
added 2016/05/10 7:0 a.m.13 views

May 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7AI score
Exploits0
Total number of security vulnerabilities1366