Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2013/08/13 7:0 a.m.9 views

Cryptographic Improvements in Microsoft Windows

You might remember that in June 2013 we released Security Advisory 2854544 announcing additional options for enterprise customers to manage their digital certificate handling configuration on the Windows platform. The particular functionality announced in Security Advisory 2854544 was first built...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/17 7:0 a.m.9 views

Attention Bounty Hunters – The Ramp Up to Black Hat

We’re three weeks into our new world of bounties for Microsoft products now, and as the clock ticks down on one program, we’re prepping for some live excitement with one of the others. First, the Internet Explorer 11 Preview Bounty is entering its final 10 days; the bounty period for that program...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/12 7:0 a.m.9 views

July 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, August 14th at 11...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/10 7:0 a.m.9 views

Filling A Gap In the Vulnerability Market – First Bounty Notification

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between t...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/10 7:0 a.m.9 views

Running in the wild, not for so long

Over the weekend we received a report from our partners about a possible unpatched Internet Explorer vulnerability being exploited in the wild. The exploit code uses a memory corruption bug triggered from a webpage but it deeply leverages a Flash SWF file in order to achieve reliable exploitation...

7.5AI score
Exploits0
MSRC
MSRC
added 2013/06/11 7:0 a.m.9 views

Improved cryptography infrastructure and the June 2013 bulletins

It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year- and I’ve dealt with some interesting issues during my tenure - but our goal o...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/06/06 7:0 a.m.9 views

Advanced Notification Service for the June 2013 Security Bulletin Release

Today we’re providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsof...

7AI score
Exploits0
MSRC
MSRC
added 2026/03/04 12:0 a.m.8 views

The research never stops: Zhiniang Peng’s security research story

Some security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started with curiosity and cybersecurity magazines...

5.9AI score
Exploits0
MSRC
MSRC
added 2026/02/09 12:0 a.m.8 views

How Asem Eleraky went from a shared family PC to finding critical vulnerabilities

In the world of vulnerability research, origin stories are rarely linear. For Asem Eleraky, the path to becoming a Microsoft MVR began not in a SOC lab or a university classroom, but with a single family PC and a short daily window to explore his growing interest in cybersecurity...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/02/09 12:0 a.m.8 views

Fixing the script: Journey to reduce XSS exposure

Cross‑site scripting XSS remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than root causes. Across vulnerability reports and incident response investigations, both within Microso...

5.5AI score
Exploits0
MSRC
MSRC
added 2025/01/21 8:0 a.m.8 views

Scaling Dynamic Application Security Testing (DAST)

Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development...

7.4AI score
Exploits0
MSRC
MSRC
added 2023/05/17 7:0 a.m.8 views

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference session recordings available to watch here. Since 2005, BlueHat has been where the security research community, an...

6.9AI score
Exploits0
MSRC
MSRC
added 2023/01/26 8:0 a.m.8 views

Congratulations to the Top MSRC 2022 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q4 Security Researcher Leaderboard are:...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/12/29 8:0 a.m.8 views

Security Update Guide Improvement – Representing Hotpatch Updates

Today we are updating the way Microsoft Security Update Guide SUG represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates. Hotpatching was introduced a year ago as a new way to install updates on supported Windows Server Azure Edition...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/10/31 7:0 a.m.8 views

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology...

6.9AI score
Exploits0
MSRC
MSRC
added 2022/10/19 7:0 a.m.8 views

Investigation Regarding Misconfigured Microsoft Storage Location

October 28, 2022 update: Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data correspondi...

7.3AI score
Exploits0
MSRC
MSRC
added 2022/07/12 7:0 a.m.8 views

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery ASR and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in the latest...

7.4AI score
Exploits0
MSRC
MSRC
added 2022/06/24 7:0 a.m.8 views

A Man of Action: Meet Callum Carney

Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix, Breaking Bad, The Thick of It...

7AI score
Exploits0
MSRC
MSRC
added 2022/05/23 7:0 a.m.8 views

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...

7AI score
Exploits0
MSRC
MSRC
added 2022/04/05 7:0 a.m.8 views

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to discover and report high-impact security...

7.1AI score
Exploits0
MSRC
MSRC
added 2022/03/07 8:0 a.m.8 views

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...

7AI score
Exploits0
MSRC
MSRC
added 2022/02/28 8:0 a.m.8 views

Cyber threat activity in Ukraine: analysis and resources

UPDATE 27 Apr 2022: See Updated malware details and Microsoft security product detections below as discussed in the Special Report: Ukraine. UPDATE 02 MAR 2022: See Updated malware details and Microsoft security product detections below for additional insights and protections specific to the...

1.1AI score
Exploits0
MSRC
MSRC
added 2022/01/20 8:0 a.m.8 views

An Armful of CHERIs

Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing...

2.9AI score
Exploits0
MSRC
MSRC
added 2021/12/22 8:0 a.m.8 views

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...

6.5AI score
Exploits0
MSRC
MSRC
added 2021/10/25 7:0 a.m.8 views

We’re Excited to Announce the Launch of Comms Hub!

We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/10/12 7:0 a.m.8 views

2021 年 10 月のセキュリティ更新プログラム (月例)

2021 年 10 月 13 日 日本時間、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/09/08 7:0 a.m.8 views

Coordinated disclosure of vulnerability in Azure Container Instances Service

Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances ACI that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundanc...

3AI score
Exploits0
MSRC
MSRC
added 2021/07/15 7:0 a.m.8 views

Announcing the Top MSRC 2021 Q2 Security Researchers - Congratulations!

We’re excited to announce the top contributing researchers for the 2021 Second Quarter Q2! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the...

7AI score
Exploits0
MSRC
MSRC
added 2021/07/08 7:0 a.m.8 views

Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure...

0.7AI score
Exploits0
MSRC
MSRC
added 2021/06/25 7:0 a.m.8 views

New Nobelium activity

The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities prote...

1.7AI score
Exploits0
MSRC
MSRC
added 2021/03/24 7:0 a.m.8 views

Introducing Bounty Awards for Teams Desktop Client Security Research

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/03/21 7:0 a.m.8 views

サイバーセキュリティ月間期間の取り組みのおさらい

3 月 18 日に今年のサイバーセキュリティ月間が終わりました。この期間中、日本セキュリティチームは、Mic...

0.3AI score
Exploits0
MSRC
MSRC
added 2021/03/16 7:0 a.m.8 views

オンプレミス Exchange 緩和ツール (ワンクリックの緩和ツール)

「One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021」の日本語抄訳です。 最近のオンプレミスの Exchange Server を狙った攻撃に...

1.1AI score
Exploits0
MSRC
MSRC
added 2021/03/05 8:0 a.m.8 views

Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021

Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously blogged our strong recommendation that customers...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/03/03 8:0 a.m.8 views

A new experience for reporting copyright or trademark infringement on Microsoft Services

The Notice of Copyright or Trademark Infringement Portal has helped protect Microsoft's users and customers from intellectual property infringement across online services like Microsoft Azure, Office, Outlook, Skype, Stream, Microsoft News, Sway, Hotmail, NuGet, and Yammer. Microsoft's response t...

7.2AI score
Exploits0
MSRC
MSRC
added 2021/03/02 8:0 a.m.8 views

Exchange Server のセキュリティ更新プログラムの公開 (定例外)

2021 年 3 月 3 日 日本時間、マイクロソフトは限定的な標的型攻撃に使われた Exchange の脆弱性に対するセキュリティ...

0.5AI score
Exploits0
MSRC
MSRC
added 2021/02/18 8:0 a.m.8 views

Microsoft Internal Solorigate Investigation - Final Update

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidenc...

7AI score
Exploits0
MSRC
MSRC
added 2021/01/13 8:0 a.m.8 views

Security Update Guide Supports CVEs Assigned by Industry Partners

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was...

6.7AI score
Exploits0
MSRC
MSRC
added 2020/12/21 8:0 a.m.8 views

Nobelium Resource Center - updated March 4, 2021

UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft previously used ‘Solorigate’ as the primary...

3.2AI score
Exploits0
MSRC
MSRC
added 2020/12/08 8:0 a.m.8 views

Security Update Guide: Let's keep the conversation going

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/11/10 8:0 a.m.8 views

2020 年 11 月のセキュリティ更新プログラム (月例)

2020 年 11 月 11 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/10/15 7:0 a.m.8 views

Announcing the Top MSRC 2020 Q3 Security Researchers

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter Q3! The top three researchers of the 2020 Q3...

2.5AI score
Exploits0
MSRC
MSRC
added 2020/10/06 7:0 a.m.8 views

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/08/05 7:0 a.m.8 views

Congratulations to the MSRC’s 2020 Most Valuable Security Researchers

Today we announce our Most Valuable Security Researchers for 2020! The MSRC Researcher Recognition program is an integral aspect of recognizing the ongoing partnerships with our community of talented security researchers who report through Coordinated Vulnerability Disclosure CVD. These...

7AI score
Exploits0
MSRC
MSRC
added 2020/07/30 7:0 a.m.8 views

Black Hat 2020: See you in the Cloud!

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll sti...

7AI score
Exploits0
MSRC
MSRC
added 2020/07/30 7:0 a.m.8 views

Black Hat 2020: See you in the Cloud!

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll sti...

0.6AI score
Exploits0
MSRC
MSRC
added 2020/07/06 7:0 a.m.8 views

Security Update Validation Program (SUVP) のご紹介

本記事は、What is the Security Update Validation Program? の日本語抄訳です。 Security Update Validation Program は、マイクロソフトが毎月第二火曜 米国時間...

1.6AI score
Exploits0
MSRC
MSRC
added 2020/07/02 7:0 a.m.8 views

Solving Uninitialized Kernel Pool Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/02/11 8:0 a.m.8 views

February 2020 security updates are available

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

3.3AI score
Exploits0
MSRC
MSRC
added 2020/01/22 8:0 a.m.8 views

Access Misconfiguration for Customer Support Database

Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be...

6.7AI score
Exploits0
Total number of security vulnerabilities1366