Lucene search
K
MsrcMost viewed

1366 matches found

MSRC
MSRC
added 2013/10/13 7:0 a.m.7 views

October 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page. We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint MS13-084 and Kernel-Mode Drivers MS13-081 bulletins. There was one additional question that...

7.2AI score
Exploits0
MSRC
MSRC
added 2013/09/05 7:0 a.m.7 views

Advance Notification Service for September 2013 Security Bulletin Release

In celebration of kids heading back to school, today we’re providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows. As always, we’ve scheduled the...

7AI score
Exploits0
MSRC
MSRC
added 2013/07/29 7:0 a.m.7 views

Announcing the 2013 MSRC Progress Report featuring MAPP expansions

Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a look into the program updates and bulletin...

6.8AI score
Exploits0
MSRC
MSRC
added 2013/06/19 7:0 a.m.7 views

New Bounty Program Details

Today we announced the upcoming Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty program. It’s very exciting to finally take the wraps off of these initiatives and we are anticipating some great submissions from the security research...

7AI score
Exploits0
MSRC
MSRC
added 2025/12/09 12:0 a.m.6 views

How Brad Schlintz built a life of freedom and impact through security research

At Microsoft Security Response Center MSRC, we celebrate the diverse paths that bring researchers to our community. Brad Schlintz’s story is one of curiosity, resilience, and a relentless drive to learn, spanning rural beginnings, career pivots, and a life shaped by both technology and travel. In...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/11/18 12:0 a.m.6 views

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting XSS is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities...

6.1AI score
Exploits0
MSRC
MSRC
added 2025/10/22 12:0 a.m.6 views

Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...

6.9AI score
Exploits0
MSRC
MSRC
added 2025/04/21 7:0 a.m.6 views

Zero Day Quest 2025: $1.6 million awarded for vulnerability research

This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact securit...

7.3AI score
Exploits0
MSRC
MSRC
added 2022/11/16 8:0 a.m.6 views

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning ML systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security...

7AI score
Exploits0
MSRC
MSRC
added 2022/10/13 7:0 a.m.6 views

BlueHat 2023 Call for Papers is Now Open!

For nearly 20 years, BlueHat has been where the security research community, and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce...

6.8AI score
Exploits0
MSRC
MSRC
added 2022/09/20 7:0 a.m.6 views

Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance

Summary Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit SDK that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and...

1.6AI score
Exploits0
MSRC
MSRC
added 2022/09/12 7:0 a.m.6 views

好奇心旺盛、革新的、創造的、コミュニティ主導型:Cyb3rWard0g、ロベルトロドリケスに会う

本ブログは、Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez の抄訳版です。最新の情報は原文を参照してください。 大きく...

2.1AI score
Exploits0
MSRC
MSRC
added 2022/08/11 7:0 a.m.6 views

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the...

7AI score
Exploits0
MSRC
MSRC
added 2022/08/09 7:0 a.m.6 views

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide SUG is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product...

6.7AI score
Exploits0
MSRC
MSRC
added 2022/08/08 7:0 a.m.6 views

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key...

7.3AI score
Exploits0
MSRC
MSRC
added 2022/07/28 7:0 a.m.6 views

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

7.1AI score
Exploits0
MSRC
MSRC
added 2022/05/16 7:0 a.m.6 views

セキュリティ更新プログラムのアナトミー

本ブログは、Anatomy of a Security Update の抄訳版です。最新の情報は原文を参照してください。 マイクロソフト セ...

1.1AI score
Exploits0
MSRC
MSRC
added 2022/04/07 7:0 a.m.6 views

オンプレミスサーバー製品追加! アプリケーションとオンプレミス サーバーのバグ報奨金プログラムの紹介

本ブログは、On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program の抄訳版です。最新の情報は原文を参照して...

3.5AI score
Exploits0
MSRC
MSRC
added 2022/02/11 8:0 a.m.6 views

Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help

“There are few jobs where I can say, I make two billion people more secure on the internet every single day.” Childhood Look: Goth kid, all in black Current Look: Cyber Viking Childhood hobby: Head banging to Metallica, Marilyn Manson, and Guns N’ Roses Current hobby: n0x08 DJ’s Live events aroun...

0.3AI score
Exploits0
MSRC
MSRC
added 2022/01/20 8:0 a.m.6 views

An Armful of CHERIs

Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing...

6.9AI score
Exploits0
MSRC
MSRC
added 2021/07/19 7:0 a.m.6 views

Introducing Bounty Awards for Teams Mobile Applications Security Research

We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile...

7AI score
Exploits0
MSRC
MSRC
added 2021/06/25 7:0 a.m.6 views

Investigating and Mitigating Malicious Drivers

The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to...

7.2AI score
Exploits0
MSRC
MSRC
added 2021/06/25 7:0 a.m.6 views

New Nobelium activity

The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities prote...

7.1AI score
Exploits0
MSRC
MSRC
added 2021/02/01 8:0 a.m.6 views

New and Improved Report Abuse Portal and API!

The Report Abuse CERT Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community of reporters, we continue to gain insightful...

2.7AI score
Exploits0
MSRC
MSRC
added 2021/01/13 8:0 a.m.6 views

Security Update Guide Supports CVEs Assigned by Industry Partners

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/12/21 8:0 a.m.6 views

Nobelium Resource Center - updated March 4, 2021

UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft previously used ‘Solorigate’ as the primary...

7AI score
Exploits0
MSRC
MSRC
added 2020/12/14 8:0 a.m.6 views

Customer Guidance on Recent Nation-State Cyber Attacks

Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activit...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/12/08 8:0 a.m.6 views

2020 年 12 月のセキュリティ更新プログラム (月例)

2020 年 12 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/11/09 8:0 a.m.6 views

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System CVSS. This is a precise method that describes the vulnerability with attributes such as t...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/09/08 7:0 a.m.6 views

2020 年 9 月のセキュリティ更新プログラム (月例)

2020 年 9 月 9 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新情報を公開しました。 Microsoft...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/08/03 7:0 a.m.6 views

より安全な TLS 設定を利用しましょう

データを暗号化し安全にやり取りを行う Transport Layer Security TLS。本ブログでも、過去に何度かお知らせしてきたよう...

1.1AI score
Exploits0
MSRC
MSRC
added 2020/07/02 7:0 a.m.6 views

Solving Uninitialized Kernel Pool Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our...

4.6AI score
Exploits0
MSRC
MSRC
added 2020/01/30 8:0 a.m.6 views

Announcing the Xbox Bounty program

We are pleased to announce the launch of the Xbox Bounty program today. The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through...

6.9AI score
Exploits0
MSRC
MSRC
added 2020/01/14 8:0 a.m.6 views

January 2020 security updates are available!

We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

3.7AI score
Exploits0
MSRC
MSRC
added 2019/11/20 8:0 a.m.6 views

Customer Guidance for the Dopplepaymer Ransomware

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP BlueKeep, as ways in which this malware spreads. Our security research teams have investigated and...

6.8AI score
Exploits0
MSRC
MSRC
added 2019/11/13 8:0 a.m.6 views

BlueHat Seattle videos are online!

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone...

7.1AI score
Exploits0
MSRC
MSRC
added 2019/11/12 8:0 a.m.6 views

November 2019 security updates are available!

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

6.7AI score
Exploits0
MSRC
MSRC
added 2019/11/12 8:0 a.m.6 views

November 2019 security updates are available!

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

3.8AI score
Exploits0
MSRC
MSRC
added 2019/10/24 7:0 a.m.6 views

Welcome to the second stage of BlueHat!

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast we have doughnuts! and bacon! and cereal!...

0.6AI score
Exploits0
MSRC
MSRC
added 2019/09/23 7:0 a.m.6 views

MSRC is going to ROOTCON!

The Microsoft Security Response Center MSRC works with partners all over the world to protect Microsoft customers. This week we’re headed to the Philippines to meet security researchers and bounty hunters at ROOTCON 13! Planning on attending ROOTCON? If you want to learn more about how you can ea...

1.4AI score
Exploits0
MSRC
MSRC
added 2019/08/20 7:0 a.m.6 views

Announcing the Microsoft Edge Insider Bounty

This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next...

7AI score
Exploits0
MSRC
MSRC
added 2019/08/07 7:0 a.m.6 views

Announcing 2019 MSRC Most Valuable Security Researchers

Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing the Microsoft’s customers and the broader ecosystem...

1.1AI score
Exploits0
MSRC
MSRC
added 2019/08/05 7:0 a.m.6 views

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented...

7AI score
Exploits0
MSRC
MSRC
added 2019/08/05 7:0 a.m.6 views

Corporate IoT - a path to intrusion

Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable,...

3.2AI score
Exploits0
MSRC
MSRC
added 2019/06/11 7:0 a.m.6 views

2019 年 6 月のセキュリティ更新プログラム (月例)

2019 年 6 月 12 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/04/09 7:0 a.m.6 views

2019 年 4 月のセキュリティ更新プログラム (月例)

2019 年 4 月 10 日 日本時間、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しまし...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/04/02 7:0 a.m.6 views

Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...

0.3AI score
Exploits0
MSRC
MSRC
added 2019/03/19 7:0 a.m.6 views

Vulnerability hunting with Semmle QL, part 2

The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center MSRC are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware...

6.9AI score
Exploits0
MSRC
MSRC
added 2018/09/07 7:0 a.m.6 views

Inside MSRC: Sharing Our Story & Customer Tips

For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture...

1.9AI score
Exploits0
MSRC
MSRC
added 2018/08/14 7:0 a.m.6 views

August 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

6.7AI score
Exploits0
Total number of security vulnerabilities1366