MSRC

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Thursday, October 29, 2020

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain.

Read More

• Active Directory
• EOP
• Patch
• Standard)
• Vulnerability
• Windows Server 2008 R2 Service Pack 1
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019 all editions
• Windows Server version 1809 (Datacenter
• Windows Server version 1903 all editions
• Windows Server version 1909 all editions

Announcing the Top MSRC 2020 Q3 Security Researchers

Thursday, October 15, 2020

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3

Read More

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

Tuesday, October 06, 2020

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for 16 bounty eligible reports.

Read More

• Bounty
• Community-based Defense
• Security Research
• Security Researcher

New and improved Security Update Guide!

Monday, September 21, 2020

We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment.

Read More

• Security Update
• Security Update Guide
• Update Tuesday

Congratulations to the MSRC’s 2020 Most Valuable Security Researchers

Wednesday, August 05, 2020

Today we announce our Most Valuable Security Researchers for 2020! The MSRC Researcher Recognition program is an integral aspect of recognizing the ongoing partnerships with our community of talented security researchers who report through Coordinated Vulnerability Disclosure (CVD). These recognitions run throughout specific periods of the year and provide regular

Read More

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Security Researcher

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Tuesday, August 04, 2020

Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The security landscape is constantly changing with emerging technology and new threats.

Read More

• Black Hat
• Bug Bounty Programs
• Community-based Defense
• Researcher Recognition
• Security Researcher

Microsoft Joins Open Source Security Foundation

Monday, August 03, 2020

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), the GitHub-initiated Open Source Security Coalition (OSSC), and other open source security efforts to improve the security of open source software by building a broader community, targeted initiatives, and best practices.

Read More

• Linux
• Open Source
• OpenSSF
• Security

Black Hat 2020: See you in the Cloud!

Thursday, July 30, 2020

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll still be there though, and look forward to the great talks and chatting in the virtual conference platform.

Read More

• Black Hat
• Bug Bounty Programs
• Community-based Defense
• Researcher Recognition
• Security Researcher

Updates to the Windows Insider Preview Bounty Program

Friday, July 24, 2020

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The Windows Insider Preview (WIP) Bounty Program is a key program for Microsoft and researchers.

Read More

• Bounty
• Community-based Defense
• Security
• Security Research
• Windows
• Windows Insider Preview

Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!

Wednesday, July 15, 2020

We are excited to announce the top contributing researchers for the 2020 Second Quarter (Q2)! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of the 2020

Read More

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher