Skip to main content
MSRC

Month Archives: October 2023

Congratulations to the Top MSRC 2023 Q3 Security Researchers!

Monday, October 16, 2023

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q3 Security Researcher Leaderboard are Wei, VictorV, and Anonymous! Check out the full list of researchers recognized this quarter here.

Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience

Thursday, October 12, 2023

Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards: AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator) AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise AI-powered Bing integration in the Microsoft Start Application (iOS and Android) AI-powered Bing integration in the Skype Mobile Application (iOS and Android) Full details can be found on our bounty program website.

HTTP/2に対する分散型サービス拒否 (DDoS) 攻撃に対するマイクロソフトの対応について 

Tuesday, October 10, 2023

本ブログは、Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 の抄訳版です。最新の情報は原文を参照してください。

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Tuesday, October 10, 2023

Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.

Cybersecurity Awareness Month 2023: Elevating Security Together

Thursday, October 05, 2023

As the 20th anniversary of Cybersecurity Awareness Month begins, I find myself reflecting on the strides made since its inception. The journey to enhance and improve cybersecurity is ongoing and extends beyond October. It’s not merely a technological challenge; it is fundamentally about people. It’s about the customers and communities that we at Microsoft work tirelessly to safeguard and defend.

Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217

Monday, October 02, 2023

Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: CVE-2023-4863 Microsoft Edge Microsoft Teams for Desktop Skype for Desktop Webp Image Extensions (Released on Windows and updates through Microsoft Store) CVE-2023-5217