MSRC

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

Monday, March 07, 2022

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens. Microsoft has notified customers with affected Automation accounts. Microsoft recommends following the security best practices herefor the Azure Automation service

Read More

• MSRC

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

Tuesday, July 14, 2020

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

Read More

• DNS
• MSRC
• Windows
• Worm

Announcing the Microsoft Edge Insider Bounty

Tuesday, August 20, 2019

This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium, and offer rewards up to US$30,000 for eligible vulnerabilities in Dev and Beta channels.

Read More

• Bounty
• Community-based Defense
• Microsoft Edge
• MSRC
• Security Research

Recognizing Q3 Top 5 Bounty Hunters

Friday, April 20, 2018

Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our third quarter (January-March 2018).

Read More

• Bug Bounty Programs
• MSRC

Security Advisory 2953095: recommendation to stay protected and for detections

Monday, March 24, 2014

Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect themselves while we are working on a security update.

Read More

• 0day
• 2953095
• CVE-2014-1761
• EMET
• MSRC
• RTF

Behind the Curtain of Second Tuesdays

Wednesday, December 01, 2010

Handle: Mando Picker IRL: Dustin Childs Rank: Security Program Manager Likes: Protecting customers, working with security researchers, second Tuesdays, bourbon, mandolins Dislikes: Using “It’s hard” as an excuse, quitting when it gets tough, banjos Hello All, I enjoy telling stories. Perhaps, in a former life, I spent time as a bard telling stories of Robin Hood and Maid Marian as I travelled from town to town.

Read More

• BlueHat Security Briefings
• MSRC
• MSRC Ecosystem Strategy
• Security Bulletin

Hack.lu: Why it’s all about building bridges

Thursday, November 04, 2010

Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni “We want to remain what we are” (“Mir wëlle bleiwe wat mir sinn”) is the national motto of the Grand Duchy of Luxembourg.

Read More

• Community-based Defense
• EcoStrat
• Hallway Tracks
• Mitigations
• MSRC
• MSRC Ecosystem Strategy
• Risk Assessment
• Security Conference Engagement
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

Something Old, Something New, True Blue

Friday, October 15, 2010

This year marks the tenth BlueHat at Microsoft, and my sixth round in participating in the event that has been so instrumental in keeping Microsoft developers and executives in touch with the pulse of security research outside Microsoft, and serves as one of the key crossroads for the exchange of ideas from our internal security experts to the outside world.

Read More

• BlueHat Security Briefings
• EcoStrat
• Hallway Tracks
• Microsoft Vulnerability Research (MSVR)
• MSRC
• MSRC Ecosystem Strategy
• Security Advisory
• Security Conference Engagement
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

BlueHat v10 Shipping!

Thursday, October 14, 2010

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here playing MC at the tenth edition (!!!) of the BlueHat Security Briefings on the Microsoft Campus in Redmond.

Read More

• BlueHat Security Briefings
• Community-based Defense
• EcoStrat
• End to End Trust
• Hallway Tracks
• MSRC
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

Internet troubles in Korea? E-call center 118 is there to help.

Thursday, September 16, 2010

Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni Microsoft often has the pleasure of welcoming foreign government officials to our headquarters. MSR

Read More

• Attack
• Community-based Defense
• EcoStrat
• Malicious Software (Malware)
• MSRC
• Risk Assessment
• Security Assurance
• Security Engineering
• Security Research
• Security Tools