Microsoft

October 2019 security updates are available!

Source: https://msrc.microsoft.com/blog/2019/10/october-2019-security-updates-are-available/ We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this … Read more

Building the Azure IoT Edge Security Daemon in Rust

Source: https://msrc.microsoft.com/blog/2019/09/building-the-azure-iot-edge-security-daemon-in-rust/ Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to … Read more

MSRC is going to ROOTCON!

Source: https://msrc.microsoft.com/blog/2019/09/msrc-is-going-to-rootcon/ The Microsoft Security Response Center (MSRC) works with partners all over the world to protect Microsoft customers. This week we’re headed to the Philippines to meet security researchers and bounty … Read more

Meet the BlueHat Content Advisory Board

Source: https://msrc.microsoft.com/blog/2019/09/meet-the-bluehat-content-advisory-board/ We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their … Read more

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Source: https://msrc.microsoft.com/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/ Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these … Read more

August 2019 Security Updates

Source: https://msrc.microsoft.com/blog/2019/08/august-2019-security-updates/ We have released the August security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this … Read more

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)

Source: https://msrc.microsoft.com/blog/2019/08/microsoft-announces-top-three-contributing-partners-in-the-microsoft-active-protections-program-mapp/ Today Microsoft announced the MAPP program Top Vulnerability Contributors, Top Threat Indicator Submitters, and Top Zero-Day Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft … Read more

Announcing 2019 MSRC Most Valuable Security Researchers

Source: https://msrc.microsoft.com/blog/2019/08/announcing-2019-msrc-most-valuable-security-researchers/ Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, … Read more

Corporate IoT – a path to intrusion

Source: https://msrc.microsoft.com/blog/2019/08/corporate-iot-a-path-to-intrusion/ Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are … Read more

Recognizing Security Researchers in 2019

Source: https://msrc.microsoft.com/blog/2019/07/recognizing-security-researchers-in-2019/ Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there. How do … Read more

Meet the MSRC at Black Hat 2019

Source: https://msrc.microsoft.com/blog/2019/07/meet-the-msrc-at-black-hat-2019/ We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say … Read more

It’s Official – The Way We Recognize Our Security Researchers

Source: https://msrc.microsoft.com/blog/2019/07/the-way-we-recognize-our-security-researchers/ We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each … Read more

We need a safer systems programming language

Source: https://msrc.microsoft.com/blog/2019/07/we-need-a-safer-systems-programming-language/ In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety … Read more

Announcing the Microsoft Dynamics 365 Bounty program

Source: https://msrc.microsoft.com/blog/2019/07/announcing-the-microsoft-dynamics-365-bounty-program/ One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of theDynamics … Read more

A proactive approach to more secure code

Source: https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/ What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From … Read more

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!

Source: https://msrc.microsoft.com/blog/2019/03/join-microsoft-security-response-at-the-product-security-operations-forum-at-locomocosec/ The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the … Read more