Microsoft Security Response Center Blog

Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms

Wednesday, September 28, 2016

On August 4, 2016 we launched a bounty program that targets Remote Code Execution (RCE) vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow (WIP slow). Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities in different points of time.

September 2016 security update release

Tuesday, September 13, 2016

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC Team

• Security Advisory
• Security Update
• Update Tuesday

Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty

Thursday, September 01, 2016

It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1, 2016.

• .NET
• Asp.Net
• Bug Bounty Programs

BlueHat v16 Schedule Announced

Thursday, September 01, 2016

Over the summer we had overwhelming response to our BlueHat v16 call for papers. We would like to give a special thanks to all who submitted papers for consideration. The range of content and quality of content was exceptional. So with that, today we are happy to announce our schedule for the general audience portion of the conference.

August 2016 security update release

Tuesday, August 09, 2016

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team

• Security Advisory Security Update Update Tuesday

Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty

Thursday, August 04, 2016

I’m very happy to announce another addition to the Microsoft Bounty Programs. Microsoft will be hosting a bounty for Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds. This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process.

July 2016 security update release

Tuesday, July 12, 2016

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team

• Security Advisory Security Update Update Tuesday

June 2016 security update release

Tuesday, June 14, 2016

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team

• Security Advisory
• Security Update
• Update Tuesday

Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty

Tuesday, June 07, 2016

Today I have another exciting expansion of the Microsoft Bounty Program. Please visit https://aka.ms/BugBounty to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Core and ASP.

BlueHat v16 Announced

Wednesday, June 01, 2016

Microsoft is pleased to announce our sixteenth BlueHat Security Conference set for November 3-4, 2016 at the Microsoft Conference Center here in Redmond. BlueHat is a unique opportunity for Microsoft engineers and the security community to come together learn about the current threat landscape and challenge the thinking and we actions we do in security.