Skip to main content
MSRC

Microsoft Security Response Center Blog

Azure Serial Console Attack and Defense - Part 1

Thursday, August 10, 2023

Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting ways to abuse the features and compromise sensitive information.

Congratulations to the MSRC 2023 Most Valuable Security Researchers!

Tuesday, August 08, 2023

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.

Updating our Vulnerability Severity Classification for AI Systems

Tuesday, August 08, 2023

The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

Monday, August 07, 2023

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.

Microsoft mitigates Power Platform Custom Code information disclosure vulnerability

Friday, August 04, 2023

Summary On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all customers and no customer remediation action is required.

BlueHat October 2023 Call for Papers is Now Open!

Thursday, July 27, 2023

As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.

Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

Thursday, July 20, 2023

Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory fields to submit a report.

From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!

Monday, July 17, 2023

Fun Facts: Game you binged: Guitar Hero and Rock Band fanatic. Go to snack: Nutri-Grain Bars. Favorite Drink: Soda – Coca Cola specifically. Favorite Place: Singapore – stayed an extra week after a hacking collaboration and truly fell in love and hopes to get back as soon as possible. Favorite Movie/Genre: Parasite – Korean Cinema, had been watching Koren Cinema before it became a thing.

What to expect when reporting vulnerabilities to Microsoft

Friday, July 14, 2023

At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by working with security researchers to identify and fix security vulnerabilities in our services and products that could pose a threat to our customers.

Congratulations to the Top MSRC 2023 Q2 Security Researchers!

Friday, July 14, 2023

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboard are: Yuki Chen, HAO LI, wkai! Check out the full list of researchers recognized this quarter here.