Skip to main content
MSRC

2022

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Tuesday, November 01, 2022

Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide on Oct 6th, two days after it was reported.

Read More

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

Monday, October 31, 2022

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology problem, but at its core, it’s really about people: the customers and communities we work to protect and defend, the current and future cybersecurity professionals on the front lines of the fight, and the larger security community coming together to strengthen cybersecurity for all.

Read More

Congratulations to the Top MSRC 2022 Q3 Security Researchers!

Monday, October 24, 2022

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang , Yuki Chen , and Dang The Tuyen! Check out the full list of researchers recognized this quarter here.

Read More

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

Wednesday, October 19, 2022

Summary Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web client version (SFXv1).

Read More

Investigation Regarding Misconfigured Microsoft Storage Location

Wednesday, October 19, 2022

October 28, 2022 update: Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.

Read More

BlueHat 2023 Call for Papers is Now Open!

Thursday, October 13, 2022

For nearly 20 years, BlueHat has been where the security research community, and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce that BlueHat is back in-person and the 2023 Call for Papers (CFP) is now open through December 8!

Read More