Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2014/02/10 8:0 a.m.10 views

Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release

Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be...

7AI score
Exploits0
MSRC
MSRC
added 2014/01/17 8:0 a.m.10 views

Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A

Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page. We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin MS14-004, the update for Microsoft Word MS14-001 and the re-release of the Windows 7 and Windows Serve...

7.3AI score
Exploits0
MSRC
MSRC
added 2013/11/12 8:0 a.m.10 views

Security Advisory 2868725: Recommendation to disable RC4

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secur...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/10/29 7:0 a.m.10 views

Software Defense: mitigating heap corruption vulnerabilities

Heap corruption vulnerabilities are the most common type of vulnerability that Microsoft addresses through security updates today. These vulnerabilities typically occur as a result of programming mistakes that make it possible to write beyond the bounds of a heap buffer a spatial issue or to plac...

7.3AI score
Exploits0
MSRC
MSRC
added 2013/10/08 7:0 a.m.10 views

Assessing risk for the October 2013 security updates

Today we released eight security bulletins addressing 25 CVE’s. Four bulletins have a maximum severity rating of Critical while the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...

7AI score
Exploits0
MSRC
MSRC
added 2013/10/07 7:0 a.m.10 views

The October 2013 security updates

This month we release eight bulletins – four Critical and four Important - which address 25 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080,...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/10/07 7:0 a.m.10 views

An update on the bounty programs

Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some...

7.2AI score
Exploits0
MSRC
MSRC
added 2013/10/04 7:0 a.m.10 views

Bounty News Update: Bountiful Harvest

Fall is a season traditionally associated with a harvest after planting the seeds and tending the crops. Today I’m proud to announce the names of six very smart people who have helped us make our products more secure by participating in our new bounty programs. When we launched our bounty program...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/08/19 7:0 a.m.10 views

August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page. We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server MS13-061 and Windows Kernel MS13-063. There were 3 additional questions...

7AI score
Exploits0
MSRC
MSRC
added 2013/08/06 7:0 a.m.10 views

The story of MS13-002: How incorrectly casting fat pointers can make your code explode

C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming OOP paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of th...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/07/09 7:0 a.m.10 views

Assessing risk for the July 2013 security updates

Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulleti...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/07/09 7:0 a.m.10 views

A new policy for store apps and the July 2013 security updates

There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/03 7:0 a.m.10 views

New Bounty Programs – One Week In

Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/06/14 7:0 a.m.10 views

June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler MS13-050, Microsoft Office MS13-051, and the security advisory addressing digital certificate...

6.9AI score
Exploits0
MSRC
MSRC
added 2013/06/11 7:0 a.m.10 views

MS13-051: Get Out of My Office!

MS13-051 addresses a security vulnerability in Microsoft Office 2003 and Office for Mac. Newer versions of Microsoft Office for Windows are not affected by this vulnerability, but the newest version of Office for Mac 2011 is affected. We have seen this vulnerability exploited in targeted 0day...

6.8AI score
Exploits0
MSRC
MSRC
added 2026/05/12 12:0 a.m.9 views

A note on this month's Patch Tuesday

Each Patch Tuesday looks a little different. Some months are quieter, others are larger. This month's release sits on the larger side of a hotpatch month, and we expect releases to continue trending larger for some time. Every update reflects investments we have made across the development...

5.8AI score
Exploits0
MSRC
MSRC
added 2026/04/07 12:0 a.m.9 views

Strengthening secure software at global scale: How MSRC is evolving with AI

Cybersecurity has always been a race between defenders and attackers, constrained by human time, attention, and scale. What is changing now is the level of capability available to apply security fundamentals with far greater reach and speed...

5.8AI score
Exploits0
MSRC
MSRC
added 2025/12/11 12:0 a.m.9 views

Evolving our approach to coordinated security research: In scope by default

Today at Black Hat Europe, I raised our commitment to customer security through our partnerships with the security research community...

7AI score
Exploits0
MSRC
MSRC
added 2025/11/09 12:0 a.m.9 views

INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol

When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations V&M team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...

7AI score
Exploits0
MSRC
MSRC
added 2025/08/25 7:0 a.m.9 views

postMessaged and Compromised

At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/08/05 7:0 a.m.9 views

Microsoft Bounty Program year in review: $17 million in rewards

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...

7.3AI score
Exploits0
MSRC
MSRC
added 2025/05/09 7:0 a.m.9 views

Congratulations to the Top MSRC 2025 Q1 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q1 Security Researcher Leaderboard are 0x140ce,...

7.2AI score
Exploits0
MSRC
MSRC
added 2025/03/13 7:0 a.m.9 views

Jailbreaking is (mostly) simpler than you think

Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack CCA, that has...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/04/11 7:0 a.m.9 views

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with vario...

7.3AI score
Exploits0
MSRC
MSRC
added 2023/02/28 8:0 a.m.9 views

First steps in CHERIoT Security Research

At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important. Hardware solutions are an...

7.1AI score
Exploits0
MSRC
MSRC
added 2022/12/02 8:0 a.m.9 views

BlueHat 2023: Applications to Attend NOW OPEN!

We are excited to announce that applications to attend BlueHat 2023 are now open We are excited to announce that applications to attend BlueHat 2023 are now open BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be on the Microsoft campus in Redmond, WA, USA, fro...

2.9AI score
Exploits0
MSRC
MSRC
added 2022/11/01 7:0 a.m.9 views

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to this...

7.5AI score
Exploits0
MSRC
MSRC
added 2022/09/30 7:0 a.m.9 views

Microsoft Exchange サーバーのゼロデイ脆弱性報告に関するお客様向けガイダンス

本ブログは、Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Serverの抄訳版です。最新の情報は原文を参照してくだ...

1.7AI score
Exploits0
MSRC
MSRC
added 2022/08/09 7:0 a.m.9 views

2022 年 8 月のセキュリティ更新プログラム (月例)

2022 年 8 月 9 日(米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/07/19 7:0 a.m.9 views

Congratulations to the Top MSRC 2022 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2 Security Researcher Leaderboard are: Yuki Chen...

1.4AI score
Exploits0
MSRC
MSRC
added 2022/06/24 7:0 a.m.9 views

A Man of Action: Meet Callum Carney

Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix, Breaking Bad, The Thick of It...

1.8AI score
Exploits0
MSRC
MSRC
added 2022/05/13 7:0 a.m.9 views

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provid...

6.9AI score
Exploits0
MSRC
MSRC
added 2022/04/21 7:0 a.m.9 views

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

6.9AI score
Exploits0
MSRC
MSRC
added 2022/04/14 7:0 a.m.9 views

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potentia...

0.8AI score
Exploits0
MSRC
MSRC
added 2022/03/01 8:0 a.m.9 views

ウクライナにおけるサイバー脅威アクティビティ: 分析とリソース

本ブログは、Cyber threat activity in Ukraine: analysis and resources – Microsoft Security Response Center の抄訳版です。最新の情報は原文を参照してください。 2022 年...

1.7AI score
Exploits0
MSRC
MSRC
added 2022/01/11 8:0 a.m.9 views

Coming Soon: New Security Update Guide Notification System

Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are...

0.8AI score
Exploits0
MSRC
MSRC
added 2022/01/11 8:0 a.m.9 views

Coming Soon: New Security Update Guide Notification System

Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/12/22 8:0 a.m.9 views

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...

1.9AI score
Exploits0
MSRC
MSRC
added 2021/11/21 8:0 a.m.9 views

セキュリティ更新プログラム リリース スケジュール (2022 年)

2022 年のセキュリティ更新プログラムの公開予定日は下記のとおりです。更新プログラムの評価、テスト、適用の...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/10/18 7:0 a.m.9 views

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...

6.8AI score
Exploits0
MSRC
MSRC
added 2021/10/13 7:0 a.m.9 views

Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program

Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope ...

7AI score
Exploits0
MSRC
MSRC
added 2021/08/04 7:0 a.m.9 views

Congratulations to the MSRC 2021 Most Valuable Security Researchers!

The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Security...

1AI score
Exploits0
MSRC
MSRC
added 2021/07/29 7:0 a.m.9 views

Security Update Validation Program (SUVP) に関するよくあるお問い合わせ

本記事は「Security Update Validation Program: the early bird tests the worm」の日本語抄訳です。 Security Update Validation Program SUVP、セキュリテ...

1.5AI score
Exploits0
MSRC
MSRC
added 2021/07/13 7:0 a.m.9 views

2021 年 7 月のセキュリティ更新プログラム (月例)

2021 年 7 月 14 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/03/02 8:0 a.m.9 views

On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021

On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to...

7.1AI score
Exploits0
MSRC
MSRC
added 2021/02/10 8:0 a.m.9 views

MSRC Security Researcher Recognition: 2021

Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher MVR and MSRC...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/02/09 8:0 a.m.9 views

2021 年 2 月のセキュリティ更新プログラム (月例)

2021 年 2 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/01/14 8:0 a.m.9 views

Top MSRC 2020 Q4 Security Researchers – Congratulations!

We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter Q4! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/12/31 8:0 a.m.9 views

Microsoft Internal Solorigate Investigation Update

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want ...

7.1AI score
Exploits0
MSRC
MSRC
added 2020/12/21 8:0 a.m.9 views

Nobelium Resource Center - updated March 4, 2021

UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft previously used ‘Solorigate’ as the primary...

3.2AI score
Exploits0
Total number of security vulnerabilities1366