Source: https://msrc.microsoft.com/blog/2025/01/scaling-dynamic-application-security-testing-dast/ Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, … Read more

Source: https://msrc.microsoft.com/blog/2025/01/congratulations-to-the-top-msrc-2024-q4-security-researchers/ Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top … Read more

Source: https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/ Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new … Read more

Source: https://msrc.microsoft.com/blog/2024/11/securing-ai-and-cloud-with-the-zero-day-quest/ Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and … Read more

Source: https://msrc.microsoft.com/blog/2024/11/toward-greater-transparency-publishing-machine-readable-csaf-files/ Welcome to the third installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability … Read more

Source: https://msrc.microsoft.com/blog/2024/10/congratulations-to-the-top-msrc-2024-q3-security-researchers/ Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top … Read more

Source: https://msrc.microsoft.com/blog/2024/10/announcing-the-bluehat-2024-sessions/ 34 sessions from 54 presenters representing 20 organizations! We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct … Read more

Source: https://msrc.microsoft.com/blog/2024/08/announcing-bluehat-2024-call-for-papers-now-open/ The 23rd edition of Microsoft’s BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. BlueHat brings … Read more

Source: https://msrc.microsoft.com/blog/2024/08/congratulations-to-the-msrc-2024-most-valuable-security-researchers/ The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we … Read more

Source: https://msrc.microsoft.com/blog/2024/08/microsoft-bounty-program-year-in-review-16.6m-in-rewards/ We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership … Read more

Source: https://msrc.microsoft.com/blog/2024/07/introducing-the-msrc-researcher-resource-center/ Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats … Read more

Source: https://msrc.microsoft.com/blog/2024/07/congratulations-to-the-top-msrc-2024-q2-security-researchers/ Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top … Read more

Source: https://msrc.microsoft.com/blog/2024/07/announcing-the-cvrf-api-3.0-upgrade/ At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited … Read more

Source: https://msrc.microsoft.com/blog/2024/07/whats-new-in-the-msrc-report-abuse-portal-and-api/ The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we … Read more

Source: https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/ Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information … Read more

Source: https://msrc.microsoft.com/blog/2024/06/mitigating-ssrf-vulnerabilities-impacting-azure-machine-learning/ Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, … Read more

Source: https://msrc.microsoft.com/blog/2024/06/improved-guidance-for-azure-network-service-tags/ Summary Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags … Read more

Source: https://msrc.microsoft.com/blog/2024/04/congratulations-to-the-top-msrc-2024-q1-security-researchers/ Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top … Read more

Source: https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/ At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve … Read more