Category: Microsoft Security Response Center

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Summary: Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery (ASR) and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario…

A Man of Action: Meet Callum Carney

Hidden Talents: He was a competitive swimmer for many years. Instrument of Choice: His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life: The Office, World…

Anatomy of a Security Update

This article has been indexed from Microsoft Security Response Center The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect…

Microsoft’s Response to CVE-2022-22965 Spring Framework

Summary: Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted…

Randomizing the KUSER_SHARED_DATA Structure on Windows

Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increase the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address…

Increasing Representation of Women in Security Research

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a…

Exploring a New Class of Kernel Exploit Primitive

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One…

Cyber threat activity in Ukraine: analysis and resources

UPDATE 02 MAR 2022: See Updated malware details and Microsoft security product detections below for additional insights and protections specific to the evolving threats we have identified impacting organizations with…

Cyber threat activity in Ukraine: analysis and resources

Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks…

Congratulations to the Top MSRC 2021 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers…

Expanding the Microsoft Researcher Recognition Program

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we…

An Armful of CHERIs

Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, the University of Cambridge and others, is now available on a limited run…

Coming Soon: New Security Update Guide Notification System

Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we…

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the…

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11. Summary: Microsoft is investigating the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9…

BlueHat is Back!

After a short hiatus, BlueHat is coming back with a vengeance! And we’ve got big plans for the entire researcher community. But first, I must apologize. It’s been a while…

We’re Excited to Announce the Launch of Comms Hub!

We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case…

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top…

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively. Open Management Infrastructure (OMI)…

Point and Print Default Behavior Change

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required…

Congratulations to the MSRC 2021 Most Valuable Security Researchers!

The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited…

Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering…

Out-of-Band (OOB) Security Update available for CVE-2021-34527

Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your…
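Both PrintNightmare entries above (the Point and Print default change and the out-of-band update for CVE-2021-34527) leave an administrator with the same practical question: are the Point and Print policy values on a given host in their hardened state, or has a legacy setting re-opened non-admin driver installation? The PowerShell audit below is an added example, not code from the MSRC posts. The registry path and the three value names are taken from Microsoft's published PrintNightmare guidance rather than from this page, so treat them as an assumption to verify against the current advisory before relying on the result.

```powershell
# Added example (not MSRC code): audit the Point and Print registry values
# that decide whether non-administrators can install printer drivers.
# Assumption: path and value names follow Microsoft's published guidance for
# CVE-2021-34527; verify against the current advisory.

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintState {
    param([string]$KeyPath = $PointAndPrintKey)

    $names  = 'RestrictDriverInstallationToAdministrators',
              'NoWarningNoElevationOnInstall',
              'UpdatePromptSettings'
    $values = @{}
    if (Test-Path $KeyPath) {
        $item = Get-ItemProperty -Path $KeyPath
        foreach ($name in $names) { $values[$name] = $item.$name }   # $null when absent
    }

    $findings = @()
    # Admin-only driver installation is the post-update default, so an absent
    # value is acceptable; an explicit 0 re-opens the PrintNightmare path.
    if ($values['RestrictDriverInstallationToAdministrators'] -eq 0) {
        $findings += 'RestrictDriverInstallationToAdministrators=0: non-admins may install drivers'
    }
    # Either override being non-zero removes the warning / elevation prompt.
    foreach ($override in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $v = $values[$override]
        if ($null -ne $v -and $v -ne 0) {
            $findings += "$override=$v suppresses the Point and Print prompt"
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Hardened     = ($findings.Count -eq 0)
        Findings     = $findings
        RawValues    = $values
    }
}

# Run locally; across a fleet, wrap the call in Invoke-Command -ComputerName ...
Get-PointAndPrintState | Format-List
```

The check reports a host as hardened only when no weakening value is present; it deliberately does not rewrite anything, since the fix is the cumulative update plus group policy, not a registry edit on each machine.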

New Nobelium activity

The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to…

Investigating and Mitigating Malicious Drivers

The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves…

Congratulating Our Top MSRC 2021 Q1 Security Researchers!

Read the original article: Congratulating Our Top MSRC 2021 Q1 Security Researchers! We’re excited to announce the top contributing researchers for the 2021 First Quarter (Q1)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to…

April 2021 Update Tuesday packages now available

Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release updates and provide the latest protection to our customers. Update Tuesday is a monthly…

Microsoft Exchange Server Vulnerabilities Mitigations – March 2021

Microsoft previously blogged our strong recommendation that customers upgrade their on-premises Exchange environments to the latest supported version. For customers that are not able to quickly apply updates,…

Multiple Security Updates Released for Exchange Server

Today we are releasing several security updates for Microsoft Exchange Server to address vulnerabilities that have been used in limited targeted attacks. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems…

Microsoft Internal Solorigate Investigation – Final Update

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation…

MSRC Security Researcher Recognition: 2021

Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different…

Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Today Microsoft released a set of fixes affecting the Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex, which makes it difficult to…

New and Improved Report Abuse Portal and API!

The Report Abuse (CERT) Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community of reporters,…

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472

Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that…

Top MSRC 2020 Q4 Security Researchers – Congratulations!

We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter (Q4)! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge…

Building Faster AMD64 Memset Routines

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: the InitAll mitigation, which zeros most stack variables; switching most…

Microsoft Internal Solorigate Investigation Update

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like…

Solorigate Resource Center – updated December 22nd, 2020

Alongside our industry partners and the security community, Microsoft continues to investigate the extent of the recent nation-state attack on SolarWinds. Our goal is to provide the latest threat intelligence, Indicators of Compromise (IOCs), and guidance across our products and solutions…

December 21st, 2020 – Solorigate Resource Center

Alongside our industry partners and the security community, Microsoft continues to investigate the extent of the recent nation-state attack on SolarWinds. Our goal is to provide the latest threat intelligence, Indicators of Compromise (IOCs), and guidance across our products and solutions to…

Customer Guidance on Recent Nation-State Cyber Attacks

This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community…

Security Update Guide: Let’s keep the conversation going

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have…

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August…
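The two CVE-2020-1472 entries above (the February 2021 enforcement-mode reminder and the earlier report of continued exploitation) both turn on the same two facts a domain controller owner needs: whether the DC is enforcing secure RPC on the Netlogon secure channel, and which accounts are still making vulnerable connections. The PowerShell below is an added example, not code from the MSRC posts. The FullSecureChannelProtection registry value and the NETLOGON event IDs 5827 through 5831 are taken from Microsoft's published CVE-2020-1472 guidance rather than from this page, so treat them as an assumption to verify against the current advisory; the script is meant to be run with administrative rights on a domain controller.

```powershell
# Added example (not MSRC code): confirm Netlogon secure-channel enforcement
# on a domain controller and summarise NETLOGON events that report vulnerable
# (non-secure-RPC) connections. Assumption: the registry value and event IDs
# follow Microsoft's published CVE-2020-1472 guidance; verify against the
# current advisory. Run elevated on a DC.

$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonEnforcementState {
    param([string]$KeyPath = $NetlogonParams)
    $value = (Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue).FullSecureChannelProtection
    [pscustomobject]@{
        FullSecureChannelProtection = $value      # 1 = enforce; $null = value not set
        # From the February 2021 update onward the DC enforces regardless of this
        # value; before that, only an explicit 1 turned enforcement on.
        ExplicitlyEnforced          = ($value -eq 1)
    }
}

function Get-NetlogonVulnerableConnectionReport {
    param([int]$Days = 7)

    # NETLOGON provider, System log:
    #   5827/5828 denied machine / trust account (enforcement blocked it)
    #   5829      vulnerable connection ALLOWED (deployment phase only)
    #   5830/5831 allowed because the account is on the policy exception list
    $meaning = @{
        5827 = 'Denied: machine account used a vulnerable secure channel'
        5828 = 'Denied: trust account used a vulnerable secure channel'
        5829 = 'Allowed (deployment phase): vulnerable connection'
        5830 = 'Allowed by policy exception: machine account'
        5831 = 'Allowed by policy exception: trust account'
    }

    $filter = @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = @(5827, 5828, 5829, 5830, 5831)
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent throws when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $events | Group-Object Id | ForEach-Object {
        $id = [int]$_.Name
        [pscustomobject]@{
            Id      = $id
            Meaning = $meaning[$id]
            Count   = $_.Count
            # The first line of the message names the account; keep a few for triage.
            Samples = @($_.Group | Select-Object -First 3 | ForEach-Object { $_.Message.Split("`n")[0] })
        }
    } | Sort-Object Id
}

Get-NetlogonEnforcementState
Get-NetlogonVulnerableConnectionReport -Days 30 | Format-Table -AutoSize
```

Any 5829 events after enforcement is on indicate devices that still need attention; 5830/5831 show where an explicit exception has been granted and should be reviewed rather than assumed safe.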

Announcing the Top MSRC 2020 Q3 Security Researchers

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)!…

Security Analysis of CHERI ISA

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced…

New and improved Security Update Guide!

We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive…

Control Flow Guard for Clang/LLVM and Rust

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler…

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source…

Black Hat 2020: See you in the Cloud!

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the…

Updates to the Windows Insider Preview Bounty Program

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to…

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS…
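For a wormable, CVSS 10.0 bug in a service that is usually exposed to the whole internal network, the operational question is what to do on DNS servers that cannot take the update in the same change window. The PowerShell below is an added example, not code from the MSRC post. It applies, checks and later removes the registry-based workaround that Microsoft published alongside CVE-2020-1350; the value name and data are taken from that published guidance rather than from this page and should be treated as an assumption to confirm against the current advisory.

```powershell
# Added example (not MSRC code): apply, verify, or remove the interim
# registry mitigation published for CVE-2020-1350 on Windows DNS Server hosts
# that cannot be patched immediately. Assumption: value name and data follow
# Microsoft's published workaround; verify against the current advisory.
# The limit caps inbound TCP DNS packet size and should be removed once the
# security update is installed. Run elevated on the DNS server.

$DnsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$SafeMax   = 0xFF00    # 65280 bytes, the value from the published workaround

function Get-DnsTcpReceivePacketSize {
    (Get-ItemProperty -Path $DnsParams -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
}

function Enable-SigredWorkaround {
    # Idempotent: only write and restart when the value is not already in place.
    if ((Get-DnsTcpReceivePacketSize) -eq $SafeMax) {
        Write-Host ('Workaround already applied ({0}=0x{1:X})' -f $ValueName, $SafeMax)
        return
    }
    New-ItemProperty -Path $DnsParams -Name $ValueName -PropertyType DWord -Value $SafeMax -Force | Out-Null
    Restart-Service -Name DNS        # the DNS service only reads the value at start
}

function Disable-SigredWorkaround {
    # Once the update is installed the cap is no longer needed; remove it.
    if ($null -ne (Get-DnsTcpReceivePacketSize)) {
        Remove-ItemProperty -Path $DnsParams -Name $ValueName
        Restart-Service -Name DNS
    }
}

function Test-SigredWorkaround {
    $current = Get-DnsTcpReceivePacketSize
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        TcpReceivePacketSize = $current
        WorkaroundApplied    = ($current -eq $SafeMax)
    }
}

Test-SigredWorkaround
```

Restarting the DNS service is the visible cost of both applying and removing the workaround, which is why the functions check the current value first; the update itself remains the only complete fix.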

Solving Uninitialized Kernel Pool Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on…

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken…