1366 matches found
A note on this month's Patch Tuesday
Each Patch Tuesday looks a little different. Some months are quieter, others are larger. This month's release sits on the larger side of a hotpatch month, and we expect releases to continue trending larger for some time. Every update reflects investments we have made across the development...
Evolving our approach to coordinated security research: In scope by default
Today at Black Hat Europe, I raised our commitment to customer security through our partnerships with the security research community...
INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol
When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations V&M team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...
BlueHat Asia 2025: Closing soon: Submit your papers by September 14, 2025
The next chapter of the Microsoft Security Response Center’s MSRC BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 14, 2025. Now in it...
postMessaged and Compromised
At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the...
Microsoft Bounty Program year in review: $17 million in rewards
We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...
Congratulations to the Top MSRC 2025 Q1 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q1 Security Researcher Leaderboard are 0x140ce,...
Jailbreaking is (mostly) simpler than you think
Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack CCA, that has...
Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with vario...
First steps in CHERIoT Security Research
At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important. Hardware solutions are an...
BlueHat 2023: Applications to Attend NOW OPEN!
We are excited to announce that applications to attend BlueHat 2023 are now open We are excited to announce that applications to attend BlueHat 2023 are now open BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be on the Microsoft campus in Redmond, WA, USA, fro...
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to this...
Microsoft Exchange サーバーのゼロデイ脆弱性報告に関するお客様向けガイダンス
本ブログは、Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Serverの抄訳版です。最新の情報は原文を参照してくだ...
2022 年 8 月のセキュリティ更新プログラム (月例)
2022 年 8 月 9 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...
Congratulations to the Top MSRC 2022 Q2 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2 Security Researcher Leaderboard are: Yuki Chen...
A Man of Action: Meet Callum Carney
Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix, Breaking Bad, The Thick of It...
Anatomy of a Security Update
The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...
Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!
Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs
We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potentia...
ウクライナにおけるサイバー脅威アクティビティ: 分析とリソース
本ブログは、Cyber threat activity in Ukraine: analysis and resources – Microsoft Security Response Center の抄訳版です。最新の情報は原文を参照してください。 2022 年...
Coming Soon: New Security Update Guide Notification System
Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are...
Azure App Service Linux source repository exposure
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...
セキュリティ更新プログラム リリース スケジュール (2022 年)
2022 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope ...
Congratulations to the MSRC 2021 Most Valuable Security Researchers!
The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Security...
Security Update Validation Program (SUVP) に関するよくあるお問い合わせ
本記事は「Security Update Validation Program: the early bird tests the worm」の日本語抄訳です。 Security Update Validation Program SUVP、セキュリテ...
2021 年 7 月のセキュリティ更新プログラム (月例)
2021 年 7 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021
On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to...
MSRC Security Researcher Recognition: 2021
Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher MVR and MSRC...
2021 年 2 月のセキュリティ更新プログラム (月例)
2021 年 2 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Top MSRC 2020 Q4 Security Researchers – Congratulations!
We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter Q4! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the...
Microsoft Internal Solorigate Investigation Update
As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want ...
[IT 管理者向け] CVSS を読み解いて脆弱性をより正しく理解する
新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ...
2020 年 10 月のセキュリティ更新プログラム (月例)
2020 年 10 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community
The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers...
What to Expect When Reporting Vulnerabilities to Microsoft
At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...
New and improved Security Update Guide!
We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or...
What to Expect When Reporting Vulnerabilities to Microsoft
At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...
Control Flow Guard for Clang/LLVM and Rust
As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard CFG support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow...
Congratulations to the MSRC’s 2020 Most Valuable Security Researchers
Today we announce our Most Valuable Security Researchers for 2020! The MSRC Researcher Recognition program is an integral aspect of recognizing the ongoing partnerships with our community of talented security researchers who report through Coordinated Vulnerability Disclosure CVD. These...
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The...
Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...
マルウェア感染が判明した場合の対応ステップ
昨今、働き方の変化に伴い、BYOD Bring Your Own Device 端末のご利用やリモートワークの必要性が増加しています。それ...
Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack
Machine learning ML is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud,...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
2020 年 4 月のセキュリティ更新プログラム (月例)
2020 年 4 月 15 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...
Calling for security research in Azure Sphere, now generally available
Today, Microsoft released Azure Sphere into General Availability GA. Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating...
[サイバーセキュリティ月間2020] マイクロソフト セキュリティパッチのきほん②
※ 2020 年 11 月に、セキュリティ更新プログラム ガイドがリニューアルしています。新しいセキュリティ更新プログ...
カスタマー サポート データベースのアクセス構成の誤りについて
本記事は、Microsoft Security Response Center ブログ “Access Misconfiguration for Customer Support Database” 2020 年 1 月 22 日 米国時間...