Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Source: https://msrc-blog.microsoft.com/2022/08/11/microsoft-bug-bounty-programs-year-in-review-13-7-in-rewards/ The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize …

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Source: https://msrc-blog.microsoft.com/blog/2022/08/microsoft-bug-bounty-programs-year-in-review-13-7-in-rewards/ The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize …

Congratulations to the MSRC 2022 Most Valuable Researchers!

Source: https://msrc-blog.microsoft.com/2022/08/08/congratulations-to-the-msrc-2022-most-valuable-researchers/ The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we …

Microsoft Office to publish symbols starting August 2022

Source: https://msrc-blog.microsoft.com/2022/08/08/microsoft-office-to-publish-symbols-starting-august-2022/ We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols …

Anatomy of a Cloud-Service Security Update

Source: https://msrc-blog.microsoft.com/2022/07/28/anatomy-of-a-cloud-service-security-update/ Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update …

Congratulations to the Top MSRC 2022 Q2 Security Researchers!

Source: https://msrc-blog.microsoft.com/2022/07/19/congratulations-to-the-top-msrc-2022-q2-security-researchers/ Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top …

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Source: https://msrc-blog.microsoft.com/2022/07/18/mitigation-for-azure-storage-sdk-client-side-encryption-padding-oracle-vulnerability/ Summary: Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To …

Microsoft Mitigates Azure Site Recovery Vulnerabilities

Source: https://msrc-blog.microsoft.com/2022/07/12/microsoft-mitigates-azure-site-recovery-vulnerabilities/ Summary: Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery (ASR) and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect …

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Source: https://msrc-blog.microsoft.com/2022/06/28/azure-service-fabric-privilege-escalation-from-containerized-workloads-on-linux/ Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access …

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

Source: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. A remote code execution vulnerability exists when MSDT is called using the …

Anatomy of a Security Update

Source: https://msrc-blog.microsoft.com/blog/2022/05/anatomy-of-a-security-update-jp/ This blog post is an abridged translation of Anatomy of a Security Update. For the latest information, please refer to the original. マイクロソフト セ

Anatomy of a Security Update

Source: https://msrc-blog.microsoft.com/2022/05/13/anatomy-of-a-security-update/ The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect …

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Source: https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/ Summary: Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to …