Microsoft

Source: https://msrc-blog.microsoft.com/2022/04/28/azure-database-for-postgresql-flexible-server-privilege-escalation-and-remote-code-execution/ MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized … Read more

Source: https://msrc-blog.microsoft.com/2022/04/21/congratulations-and-new-swag-awards-for-the-top-msrc-2022-q1-security-researchers/ Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for … Read more

Source: https://msrc-blog.microsoft.com/2022/04/14/expanding-high-impact-scenario-awards-for-microsoft-bug-bounty-programs/ We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, … Read more

Source: https://msrc-blog.microsoft.com/2022/04/05/microsofts-response-to-cve-2022-22965-spring-framework/ Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted … Read more

Source: https://msrc-blog.microsoft.com/2022/04/05/on-premises-servers-products-are-here-introducing-the-applications-and-on-premises-servers-bug-bounty-program/ Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program.  Through this expanded program, we … Read more

Source: https://msrc-blog.microsoft.com/2022/03/31/increasing-representation-of-women-in-security-research/ Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a … Read more

Source: https://msrc-blog.microsoft.com/2022/03/22/exploring-a-new-class-of-kernel-exploit-primitive/ The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One … Read more

Source: https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/ Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration … Read more

Source: https://msrc-blog.microsoft.com/2022/03/07/13943/ On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identities tokens for authorization and an Azure Sandbox for job runtime … Read more

Source: https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/ UPDATE 02 MAR 2022: See Updated malware details and Microsoft security product detections below for additional insights and protections specific to the evolving threats we have identified impacting organizations with … Read more

Source: https://msrc-blog.microsoft.com/2022/02/01/congratulations-to-the-top-msrc-2021-q4-security-researchers/ Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers … Read more

Source: https://msrc-blog.microsoft.com/2022/02/01/expanding-the-microsoft-researcher-recognition-program/ The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we … Read more

Source: https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/ Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we … Read more

Source: https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/ MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the … Read more

Source: https://msrc-blog.microsoft.com/2021/12/14/researcher-spotlight-dr-nestori-syynimaas-constant-mission-protecting-identities/ “When you find the things I find, they really matter. They affect everybody’s security.” Currently streaming: The Expanse and Lost in Space on Netflix Currently listening to: Amorphis, Architects, and … Read more

Source: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Published on: 2021 Dec 11 SUMMARY Microsoft is investigating the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 … Read more