Skip to main content
MSRC

Month Archives: July 2023

BlueHat October 2023 Call for Papers is Now Open!

Thursday, July 27, 2023

As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.

Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

Thursday, July 20, 2023

Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory fields to submit a report.

From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!

Monday, July 17, 2023

Fun Facts: Game you binged: Guitar Hero and Rock Band fanatic. Go to snack: Nutri-Grain Bars. Favorite Drink: Soda – Coca Cola specifically. Favorite Place: Singapore – stayed an extra week after a hacking collaboration and truly fell in love and hopes to get back as soon as possible. Favorite Movie/Genre: Parasite – Korean Cinema, had been watching Koren Cinema before it became a thing.

What to expect when reporting vulnerabilities to Microsoft

Friday, July 14, 2023

At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by working with security researchers to identify and fix security vulnerabilities in our services and products that could pose a threat to our customers.

Congratulations to the Top MSRC 2023 Q2 Security Researchers!

Friday, July 14, 2023

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboard are: Yuki Chen, HAO LI, wkai! Check out the full list of researchers recognized this quarter here.

Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email

Tuesday, July 11, 2023

UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded, and on September 6, 2023, we published our investigation findings. Microsoft has released threat analysis on Storm-0558 activity here. Microsoft additionally released additional defense-in-depth security fixes to help customers improve token validation in their custom applications.