Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

Source: https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/ Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentials property of an Azure Active Directory (Azure …

We’re Excited to Announce the Launch of Comms Hub!

Source: https://msrc-blog.microsoft.com/2021/10/25/comms-hub/ We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case …

New High Impact Scenarios and Awards for the Azure Bounty Program

Source: https://msrc-blog.microsoft.com/2021/10/18/new-high-impact-scenarios-and-awards-for-the-azure-bounty-program/ Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased …

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Source: https://msrc-blog.microsoft.com/2021/10/14/congratulations-to-the-top-msrc-2021-q3-security-researchers/ Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top …

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

Source: https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/ On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively. Open Management Infrastructure (OMI) …

September 2021 Security Updates (Monthly)

Source: https://msrc-blog.microsoft.com/blog/2021/09/202109-security-updates/ Update, September 17: Regarding the Open Management Infrastructure (OMI) vulnerabilities CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, CVE-2021-38647 published on the September monthly security update day, additional guidance …

Coordinated disclosure of vulnerability in Azure Container Instances Service

Source: https://msrc-blog.microsoft.com/2021/09/08/coordinated-disclosure-of-vulnerability-in-azure-container-instances-service/ Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI). Our investigation surfaced no unauthorized access to customer data. Out of an abundance of …

Announcing the Launch of the Azure SSRF Security Research Challenge

Source: https://msrc-blog.microsoft.com/2021/08/19/announcing-the-launch-of-the-azure-ssrf-security-research-challenge/ Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security …

Point and Print Default Behavior Change

Source: https://msrc-blog.microsoft.com/2021/08/10/point-and-print-default-behavior-change/ Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required …

Congratulations to the MSRC 2021 Most Valuable Security Researchers!

Source: https://msrc-blog.microsoft.com/2021/08/04/congratulations-to-the-msrc-2021-most-valuable-security-researchers/ The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited …

Introducing Bounty Awards for Teams Mobile Applications Security Research

Source: https://msrc-blog.microsoft.com/2021/07/19/introducing-bounty-awards-for-teams-mobile-applications-security-research/ We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to …

Announcing the Top MSRC 2021 Q2 Security Researchers – Congratulations!

Source: https://msrc-blog.microsoft.com/2021/07/15/announcing-the-top-msrc-2021-q2-security-researchers-congratulations/ We’re excited to announce the top contributing researchers for the 2021 Second Quarter (Q2)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who …

Announcing the Top MSRC 2021 Q2 Security Researchers – Congratulations!

Source: https://msrc-blog.microsoft.com/blog/2021/07/announcing-the-top-msrc-2021-q2-security-researchers-congratulations/ We’re excited to announce the top contributing researchers for the 2021 Second Quarter (Q2)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who …