MSRC

Microsoft Joins Open Source Security Foundation

Monday, August 03, 2020

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), the GitHub-initiated Open Source Security Coalition (OSSC), and other open source security efforts to improve the security of open source software by building a broader community, targeted initiatives, and best practices.

• Linux
• Open Source
• OpenSSF
• Security

Black Hat 2020: See you in the Cloud!

Thursday, July 30, 2020

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll still be there though, and look forward to the great talks and chatting in the virtual conference platform.

• Black Hat
• Bug Bounty Programs
• Community-based Defense
• Researcher Recognition
• Security Researcher

Updates to the Windows Insider Preview Bounty Program

Friday, July 24, 2020

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The Windows Insider Preview (WIP) Bounty Program is a key program for Microsoft and researchers.

• Bounty
• Community-based Defense
• Security
• Security Research
• Windows
• Windows Insider Preview

Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!

Wednesday, July 15, 2020

We are excited to announce the top contributing researchers for the 2020 Second Quarter (Q2)! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of the 2020

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

Tuesday, July 14, 2020

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

• DNS
• MSRC
• Windows
• Worm

Solving Uninitialized Kernel Pool Memory on Windows

Thursday, July 02, 2020

This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our previous blog post.

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

Monday, June 01, 2020

Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models.

• Artificial intelligence
• Community-based Defense
• Security Research

Azure Sphere Security Research Challenge Now Open

Tuesday, May 05, 2020

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud.

• Bounty
• Community-based Defense
• Security Research
• Security Researcher

Congratulating Our Top 2020 Q1 Security Researchers!

Thursday, April 23, 2020

Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter (Q1) Security Researcher Leaderboard, listing our top contributing researchers for the last quarter. The top three researchers of the last quarter are: Zhiniang Peng (2870 points), Yuki Chen (1550 points), and Ashar Javed (1520 points).

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

March 2020 security updates are available

Tuesday, March 10, 2020

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.