Tuesday, November 12, 2024
Welcome to the third installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.
Tuesday, October 22, 2024
34 sessions from 54 presenters representing 20 organizations! We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct 29-30. This year’s conference continues the BlueHat ethos and Secure Future Initiative mission of “Security Above All Else”. Security researchers and responders from inside and outside of Microsoft will gather on the Microsoft campus in Redmond, WA to share, debate, and challenge each other, with the shared goal of creating a safer and more secure world for all.
Wednesday, August 07, 2024
The 23rd edition of Microsoft’s BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. BlueHat brings together security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and best practices, all in the interest of creating a safer and more secure world for everyone.
Tuesday, August 06, 2024
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.
Monday, August 05, 2024
We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.
Wednesday, July 31, 2024
Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the security of our products and services. We’re always looking for ways to build upon this partnership, and with that goal in mind, we are excited to announce the creation of the MSRC Researcher Resource Center.
Thursday, July 11, 2024
At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF) API. This update brings improvements in both security and performance, without requiring any changes to your existing invocation methods.
Wednesday, July 03, 2024
The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.
Thursday, June 27, 2024
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.
Monday, June 17, 2024
Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversal vulnerability, posed potential risks for information exposure and service disruption via Denial-of-Service (DOS).
