MSRC

On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021

Tuesday, March 02, 2021

On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to affected systems. The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes.

Microsoft Internal Solorigate Investigation - Final Update

Thursday, February 18, 2021

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data.

MSRC Security Researcher Recognition: 2021

Wednesday, February 10, 2021

Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most Valuable Security Researcher (MVR) and MSRC Contributor are tiers in the Researcher Recognition Program which annually recognize researchers for impactful contributions, considering report impact, accuracy and volume.

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Continuing to Listen: Good News about the Security Update Guide API!

Tuesday, February 09, 2021

Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We’re happy to make this valuable public information more freely available and accessible.

• Security Update Guide

Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Tuesday, February 09, 2021

Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term.

• Exploitability
• Network protocol
• Risk Assessment
• Update Tuesday

New and Improved Report Abuse Portal and API!

Monday, February 01, 2021

The Report Abuse (CERT) Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community of reporters, we continue to gain insightful perspectives into the various types of attacks that threaten our online services, our cloud, and our customers.

• CARS
• CERT
• Microsoft Online Services
• Report Abuse
• Report Abuse API
• Report Abuse Portal

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472

Thursday, January 14, 2021

Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device.

• Active Directory
• EOP
• Patch
• Standard)
• Vulnerability
• Windows Server 2008 R2 Service Pack 1
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019 all editions
• Windows Server version 1809 (Datacenter
• Windows Server version 1903 all editions
• Windows Server version 1909 all editions

Top MSRC 2020 Q4 Security Researchers – Congratulations!

Thursday, January 14, 2021

We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter (Q4)! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the 2020 Q4 Security Researcher Leaderboard are: Cameron Vincent (2065 points) , Yuki Chen (1535 points) , and Suresh C (862 points).

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Security Researcher

Security Update Guide Supports CVEs Assigned by Industry Partners

Wednesday, January 13, 2021

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was started back in 1999 and is funded by the US federal government, currently out of the Cybersecurity and Infrastructure Security Agency (CISA).

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

Microsoft Internal Solorigate Investigation Update

Thursday, December 31, 2020

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want to share an update from our ongoing internal investigation.

• Investigation
• SolarWinds
• Solorigate