MSRC

Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability

Thursday, July 08, 2021

On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. We encourage customers to update as soon as possible. CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability. Following the out of band release (OOB) we investigated claims regarding the effectiveness of the security update and questions around the suggested mitigations.

Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards

Thursday, July 08, 2021

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), researchers continue to help us secure millions of customers. Over the past 12 months, Microsoft awarded $13.

• Bug Bounty Programs
• Community-based Defense
• Researcher Recognition
• Security Researcher

Out-of-Band (OOB) Security Update available for CVE-2021-34527

Tuesday, July 06, 2021

Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems. The fix that we released today fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections.

Investigating and Mitigating Malicious Drivers

Friday, June 25, 2021

The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to sharing threat intelligence with the community to shine a light on the latest techniques and exploits of attackers so the industry can better protect itself.

New Nobelium activity

Friday, June 25, 2021

The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities protect themselves. This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised - we are aware of three compromised entities to date.

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Thursday, April 29, 2021

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.

• BadAlloc
• IoT
• OT
• RTOS

Congratulating Our Top MSRC 2021 Q1 Security Researchers!

Thursday, April 15, 2021

We’re excited to announce the top contributing researchers for the 2021 First Quarter (Q1)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

April 2021 Update Tuesday packages now available

Tuesday, April 13, 2021

Update August 25, 2021: Microsoft strongly recommends that you update your servers with the most recent security updates available. CVE-2021-34473 (ProxyShell) CVE-2021-34523 (ProxyShell) CVE-2021-33766 Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release updates and provide the latest protection to our customers. Update Tuesday is a monthly cycle when Microsoft releases patches for vulnerabilities that we have found proactively or that have been disclosed to us through our security partnerships under a coordinated vulnerability disclosure.

• Microsoft Exchange

Introducing Bounty Awards for Teams Desktop Client Security Research

Wednesday, March 24, 2021

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely. Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.

• Bounty
• Community-based Defense
• Security
• Security Research

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

Tuesday, March 16, 2021

This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise of your on-premises Exchange Server and, potentially, other parts of your internal network.