| 1. |
Congratulations to the Top MSRC 2024 Q1 Security Researchers! |
|
|
| 2. |
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs |
|
|
| 3. |
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team |
|
|
| 4. |
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard |
|
|
| 5. |
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft |
|
|
| 6. |
Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope |
|
|
| 7. |
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin |
|
|
| 8. |
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft |
|
|
| 9. |
New Security Advisory Tab Added to the Microsoft Security Update Guide |
|
|
| 10. |
Congratulations to the Top MSRC 2023 Q4 Security Researchers! |
|
|
| 11. |
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard |
|
|
| 12. |
BlueHat India Call for Papers is Now Open! |
|
|
| 13. |
Microsoft addresses App Installer abuse |
|
|
| 14. |
Azure Serial Console Attack and Defense - Part 2 |
|
|
| 15. |
Introducing the Microsoft Defender Bounty Program |
|
|
| 16. |
Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded |
|
|
| 17. |
Reflecting on 20 years of Patch Tuesday |
|
|
| 18. |
Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI |
|
|
| 19. |
Congratulations to the Top MSRC 2023 Q3 Security Researchers! |
|
|
| 20. |
Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience |
|
|
| 21. |
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 |
|
|
| 22. |
Cybersecurity Awareness Month 2023: Elevating Security Together |
|
|
| 23. |
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 |
|
|
| 24. |
Journey Down Under: How Rocco Became Australia’s Premier Hacker |
|
|
| 25. |
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token |
|
|
| 26. |
Results of Major Technical Investigations for Storm-0558 Key Acquisition |
|
|
| 27. |
Azure Serial Console Attack and Defense - Part 1 |
|
|
| 28. |
Updating our Vulnerability Severity Classification for AI Systems |
|
|
| 29. |
Congratulations to the MSRC 2023 Most Valuable Security Researchers! |
|
|
| 30. |
Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards |
|
|
| 31. |
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability |
|
|
| 32. |
BlueHat October 2023 Call for Papers is Now Open! |
|
|
| 33. |
Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form |
|
|
| 34. |
From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent! |
|
|
| 35. |
What to expect when reporting vulnerabilities to Microsoft |
|
|
| 36. |
Congratulations to the Top MSRC 2023 Q2 Security Researchers! |
|
|
| 37. |
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email |
|
|
| 38. |
Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator |
|
|
| 39. |
Potential Risk of Privilege Escalation in Azure AD Applications |
|
|
| 40. |
Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks |
|
|
| 41. |
Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry |
|
|
| 42. |
Hey Yara, find some vulnerabilities |
|
|
| 43. |
Announcing The BlueHat Podcast: Listen and Subscribe Now! |
|
|
| 44. |
Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 |
|
|
| 45. |
Microsoft Vulnerability Severity Classification for Online Services Publication |
|
|
| 46. |
Congratulations to the Top MSRC 2023 Q1 Security Researchers! |
|
|
| 47. |
Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access |
|
|
| 48. |
Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD |
|
|
| 49. |
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability |
|
|
| 50. |
Configuring host-level audit logging for AKS VMSS |
|
|
| 51. |
Azure Kubernetes Service (AKS) Threat Hunting |
|
|
| 52. |
First steps in CHERIoT Security Research |
|
|
| 53. |
New MSRC Blog Site |
|
|
| 54. |
BlueHat 2023: Connecting the security research community with Microsoft |
|
|
| 55. |
Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process |
|
|
| 56. |
Congratulations to the Top MSRC 2022 Q4 Security Researchers! |
|
|
| 57. |
Microsoft resolves four SSRF vulnerabilities in Azure cloud services |
|
|
| 58. |
Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API |
|
|
| 59. |
Security Update Guide Improvement – Representing Hotpatch Updates |
|
|
| 60. |
BlueHat 2023: Applications to Attend NOW OPEN! |
|
|
| 61. |
A Ride on the Wild Side with Hacking Heavyweight Sick Codes |
|
|
| 62. |
Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) |
|
|
| 63. |
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) |
|
|
| 64. |
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB |
|
|
| 65. |
Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People |
|
|
| 66. |
Congratulations to the Top MSRC 2022 Q3 Security Researchers! |
|
|
| 67. |
Investigation Regarding Misconfigured Microsoft Storage Location |
|
|
| 68. |
Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk |
|
|
| 69. |
Hunting for Cobalt Strike: Mining and plotting for fun and profit |
|
|
| 70. |
BlueHat 2023 Call for Papers is Now Open! |
|
|
| 71. |
Improvements in Security Update Notifications Delivery - And a New Delivery Method |
|
|
| 72. |
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server |
|
|
| 73. |
Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance |
|
|
| 74. |
Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez |
|
|
| 75. |
What’s the smallest variety of CHERI? |
|
|
| 76. |
Vulnerability Fixed in Azure Synapse Spark |
|
|
| 77. |
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards |
|
|
| 78. |
Security Update Guide Notification System News: Create your profile now |
|
|
| 79. |
Microsoft Office to publish symbols starting August 2022 |
|
|
| 80. |
Congratulations to the MSRC 2022 Most Valuable Researchers! |
|
|
| 81. |
Anatomy of a Cloud-Service Security Update |
|
|
| 82. |
Congratulations to the Top MSRC 2022 Q2 Security Researchers! |
|
|
| 83. |
Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability |
|
|
| 84. |
All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity |
|
|
| 85. |
Microsoft Mitigates Azure Site Recovery Vulnerabilities |
|
|
| 86. |
Service Fabric Privilege Escalation from Containerized Workloads on Linux |
|
|
| 87. |
A Man of Action: Meet Callum Carney |
|
|
| 88. |
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability |
|
|
| 89. |
New Research Paper: Pre-hijacking Attacks on Web User Accounts |
|
|
| 90. |
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards |
|
|
| 91. |
Anatomy of a Security Update |
|
|
| 92. |
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) |
|
|
| 93. |
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution |
|
|
| 94. |
Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! |
|
|
| 95. |
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs |
|
|
| 96. |
Randomizing the KUSER_SHARED_DATA Structure on Windows |
|
|
| 97. |
On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program |
|
|
| 98. |
Microsoft’s Response to CVE-2022-22965 Spring Framework |
|
|
| 99. |
Increasing Representation of Women in Security Research |
|
|
| 100. |
Randomizing the KUSER_SHARED_DATA Structure on Windows |
|
|
| 101. |
Exploring a New Class of Kernel Exploit Primitive |
|
|
| 102. |
Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint |
|
|
| 103. |
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens |
|
|
| 104. |
Cyber threat activity in Ukraine: analysis and resources |
|
|
| 105. |
Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help |
|
|
| 106. |
Expanding the Microsoft Researcher Recognition Program |
|
|
| 107. |
Congratulations to the Top MSRC 2021 Q4 Security Researchers! |
|
|
| 108. |
An Armful of CHERIs |
|
|
| 109. |
Coming Soon: New Security Update Guide Notification System |
|
|
| 110. |
Azure App Service Linux source repository exposure |
|
|
| 111. |
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities |
|
|
| 112. |
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 |
|
|
| 113. |
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs |
|
|
| 114. |
BlueHat is Back! |
|
|
| 115. |
We’re Excited to Announce the Launch of Comms Hub! |
|
|
| 116. |
New High Impact Scenarios and Awards for the Azure Bounty Program |
|
|
| 117. |
Congratulations to the Top MSRC 2021 Q3 Security Researchers! |
|
|
| 118. |
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program |
|
|
| 119. |
Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions |
|
|
| 120. |
Coordinated disclosure of vulnerability in Azure Container Instances Service |
|
|
| 121. |
Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature |
|
|
| 122. |
Announcing the Launch of the Azure SSRF Security Research Challenge |
|
|
| 123. |
Point and Print Default Behavior Change |
|
|
| 124. |
Congratulations to the MSRC 2021 Most Valuable Security Researchers! |
|
|
| 125. |
Introducing Bounty Awards for Teams Mobile Applications Security Research |
|
|
| 126. |
Announcing the Top MSRC 2021 Q2 Security Researchers - Congratulations! |
|
|
| 127. |
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards |
|
|
| 128. |
Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability |
|
|
| 129. |
Out-of-Band (OOB) Security Update available for CVE-2021-34527 |
|
|
| 130. |
New Nobelium activity |
|
|
| 131. |
Investigating and Mitigating Malicious Drivers |
|
|
| 132. |
“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks |
|
|
| 133. |
Congratulating Our Top MSRC 2021 Q1 Security Researchers! |
|
|
| 134. |
April 2021 Update Tuesday packages now available |
|
|
| 135. |
Introducing Bounty Awards for Teams Desktop Client Security Research |
|
|
| 136. |
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities |
|
|
| 137. |
One-Click Microsoft Exchange On-Premises Mitigation Tool - March 2021 |
|
|
| 138. |
Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021 |
|
|
| 139. |
A new experience for reporting copyright or trademark infringement on Microsoft Services |
|
|
| 140. |
On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021 |
|
|
| 141. |
Microsoft Internal Solorigate Investigation - Final Update |
|
|
| 142. |
MSRC Security Researcher Recognition: 2021 |
|
|
| 143. |
Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 |
|
|
| 144. |
Continuing to Listen: Good News about the Security Update Guide API! |
|
|
| 145. |
New and Improved Report Abuse Portal and API! |
|
|
| 146. |
Top MSRC 2020 Q4 Security Researchers – Congratulations! |
|
|
| 147. |
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 |
|
|
| 148. |
Security Update Guide Supports CVEs Assigned by Industry Partners |
|
|
| 149. |
Building Faster AMD64 Memset Routines |
|
|
| 150. |
Microsoft Internal Solorigate Investigation Update |
|
|
| 151. |
Nobelium Resource Center - updated March 4, 2021 |
|
|
| 152. |
Customer Guidance on Recent Nation-State Cyber Attacks |
|
|
| 153. |
Security Update Guide: Let's keep the conversation going |
|
|
| 154. |
Vulnerability Descriptions in the New Version of the Security Update Guide |
|
|
| 155. |
Attacks exploiting Netlogon vulnerability (CVE-2020-1472) |
|
|
| 156. |
Announcing the Top MSRC 2020 Q3 Security Researchers |
|
|
| 157. |
Security Analysis of CHERI ISA |
|
|
| 158. |
Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community |
|
|
| 159. |
New and improved Security Update Guide! |
|
|
| 160. |
Control Flow Guard for Clang/LLVM and Rust |
|
|
| 161. |
Congratulations to the MSRC’s 2020 Most Valuable Security Researchers |
|
|
| 162. |
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards |
|
|
| 163. |
Microsoft Joins Open Source Security Foundation |
|
|
| 164. |
Black Hat 2020: See you in the Cloud! |
|
|
| 165. |
Updates to the Windows Insider Preview Bounty Program |
|
|
| 166. |
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations! |
|
|
| 167. |
July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server |
|
|
| 168. |
Solving Uninitialized Kernel Pool Memory on Windows |
|
|
| 169. |
Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack |
|
|
| 170. |
Solving Uninitialized Stack Memory on Windows |
|
|
| 171. |
Azure Sphere Security Research Challenge Now Open |
|
|
| 172. |
The Safety Boat: Kubernetes and Rust |
|
|
| 173. |
Congratulating Our Top 2020 Q1 Security Researchers! |
|
|
| 174. |
March 2020 security updates are available |
|
|
| 175. |
Calling for security research in Azure Sphere, now generally available |
|
|
| 176. |
February 2020 security updates are available |
|
|
| 177. |
Recognizing Security Researchers in 2020 |
|
|
| 178. |
Announcing the Xbox Bounty program |
|
|
| 179. |
Access Misconfiguration for Customer Support Database |
|
|
| 180. |
Announcing MSRC 2019 Q4 Security Researcher Leaderboard |
|
|
| 181. |
January 2020 Security Updates: CVE-2020-0601 |
|
|
| 182. |
January 2020 security updates are available! |
|
|
| 183. |
Announcing the Microsoft Identity Research Project Grant |
|
|
| 184. |
December 2019 security updates are available |
|
|
| 185. |
Customer Guidance for the Dopplepaymer Ransomware |
|
|
| 186. |
BlueHat Seattle videos are online! |
|
|
| 187. |
November 2019 security updates are available! |
|
|
| 188. |
Using Rust in Windows |
|
|
| 189. |
Vulnerability hunting with Semmle QL: DOM XSS |
|
|
| 190. |
Time for day 2 of briefings at BlueHat Seattle! |
|
|
| 191. |
Welcome to the second stage of BlueHat! |
|
|
| 192. |
Microsoft Identity Bounty Improvements |
|
|
| 193. |
Introducing the ElectionGuard Bounty program |
|
|
| 194. |
Announcing the Security Researcher Quarterly Leaderboard |
|
|
| 195. |
An intern's experience with Rust |
|
|
| 196. |
October 2019 security updates are available! |
|
|
| 197. |
Designing a COM library for Rust |
|
|
| 198. |
Building the Azure IoT Edge Security Daemon in Rust |
|
|
| 199. |
MSRC is going to ROOTCON! |
|
|
| 200. |
Meet the BlueHat Content Advisory Board |
|
|
| 201. |
Calling all breakers & builders: BlueHat Seattle registration is open! |
|
|
| 202. |
Attacking the VM Worker Process |
|
|
| 203. |
September 2019 Security Updates |
|
|
| 204. |
Acquiring a VHD to Investigate |
|
|
| 205. |
BlueHat Seattle 2019 Call for Papers is Now Open! |
|
|
| 206. |
Scalable infrastructure for investigations and incident response |
|
|
| 207. |
Announcing the Microsoft Edge Insider Bounty |
|
|
| 208. |
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) |
|
|
| 209. |
August 2019 Security Updates |
|
|
| 210. |
Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP) |
|
|
| 211. |
Announcing 2019 MSRC Most Valuable Security Researchers |
|
|
| 212. |
Corporate IoT - a path to intrusion |
|
|
| 213. |
Azure Security Lab: a new space for Azure research and collaboration |
|
|
| 214. |
Recognizing Security Researchers in 2019 |
|
|
| 215. |
Meet the MSRC at Black Hat 2019 |
|
|
| 216. |
It’s Official – The Way We Recognize Our Security Researchers |
|
|
| 217. |
Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP) |
|
|
| 218. |
Why Rust for safe systems programming |
|
|
| 219. |
We need a safer systems programming language |
|
|
| 220. |
Announcing the Microsoft Dynamics 365 Bounty program |
|
|
| 221. |
A proactive approach to more secure code |
|
|
| 222. |
July 2019 Security Update Release |
|
|
| 223. |
Inside the MSRC – Building your own security incident response process |
|
|
| 224. |
Inside the MSRC – Anatomy of a SSIRP incident |
|
|
| 225. |
Inside the MSRC – Customer-centric incident response |
|
|
| 226. |
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149) |
|
|
| 227. |
June 2019 security update release |
|
|
| 228. |
BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world |
|
|
| 229. |
A Reminder to Update Your Systems to Prevent a Worm |
|
|
| 230. |
Microsoft Launches a New Recognition Program for MAPP Partners |
|
|
| 231. |
Time travel debugging: It’s a blast! (from the past) |
|
|
| 232. |
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) |
|
|
| 233. |
May 2019 Security Update Release |
|
|
| 234. |
April 2019 Security Update Release |
|
|
| 235. |
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards |
|
|
| 236. |
Vulnerability hunting with Semmle QL, part 2 |
|
|
| 237. |
Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec! |
|
|
| 238. |
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration |
|
|
| 239. |
Call for Papers | Microsoft BlueHat Shanghai 2019 |
|
|
| 240. |
Practical advice for earning higher Microsoft bounty awards |
|
|
| 241. |
March 2019 Security Update Release |
|
|
| 242. |
BlueHat Shanghai 2019 Call for Papers is Now Open! |
|
|
| 243. |
February 2019 Security Update Release |
|
|
| 244. |
Fuzzing para-virtualized devices in Hyper-V |
|
|
| 245. |
Microsoft’s Cyber Defense Operations Center shares best practices |
|
|
| 246. |
Announcing the Microsoft Azure DevOps Bounty program |
|
|
| 247. |
January 2019 Security Update Release |
|
|
| 248. |
December 2018 Security Update Release |
|
|
| 249. |
December 2018 Security Update Release |
|
|
| 250. |
First Steps in Hyper-V Research |
|
|
| 251. |
November 2018 Security Update Release |
|
|
| 252. |
Should You Send Your Pen Test Report to the MSRC? |
|
|
| 253. |
BlueHat v18 Content Now Available |
|
|
| 254. |
October 2018 Security Update Release |
|
|
| 255. |
Standing behind “MSRC Listens” |
|
|
| 256. |
Behind BlueHat: The Art |
|
|
| 257. |
September 2018 Security Update Release |
|
|
| 258. |
Microsoft Security Servicing Criteria for Windows |
|
|
| 259. |
Inside MSRC: Sharing Our Story & Customer Tips |
|
|
| 260. |
Vulnerability hunting with Semmle QL, part 1 |
|
|
| 261. |
August 2018 Security Update Release |
|
|
| 262. |
Analysis and mitigation of L1 Terminal Fault (L1TF) |
|
|
| 263. |
Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition |
|
|
| 264. |
Announcing the BlueHat v18 Schedule |
|
|
| 265. |
The Making of the Top 100 Researcher List |
|
|
| 266. |
Recognizing Q4 Top 5 Bounty Hunters |
|
|
| 267. |
Microsoft launches Identity Bounty program |
|
|
| 268. |
July 2018 Security Update Release |
|
|
| 269. |
Announcing Changes to Microsoft’s Mitigation Bypass Bounty |
|
|
| 270. |
June 2018 Security Update Release |
|
|
| 271. |
Draft of Microsoft Security Servicing Commitments for Windows |
|
|
| 272. |
Analysis and mitigation of speculative store bypass (CVE-2018-3639) |
|
|
| 273. |
May 2018 security update release |
|
|
| 274. |
BlueHat v18 Announced & Call for Papers Opens |
|
|
| 275. |
Hyper-V Debugging Symbols Are Publicly Available |
|
|
| 276. |
Recognizing Q3 Top 5 Bounty Hunters |
|
|
| 277. |
April 2018 security update release |
|
|
| 278. |
Triaging a DLL planting vulnerability |
|
|
| 279. |
KVA Shadow: Mitigating Meltdown on Windows |
|
|
| 280. |
Speculative Execution Bounty Launch |
|
|
| 281. |
Mitigating speculative execution side channel hardware vulnerabilities |
|
|
| 282. |
March 2018 security update release |
|
|
| 283. |
Inside the MSRC– The Monthly Security Update Releases |
|
|
| 284. |
February 2018 security update release |
|
|
| 285. |
Inside the MSRC – How we recognize our researchers |
|
|
| 286. |
January 2018 security update release |
|
|
| 287. |
December 2017 security update release |
|
|
| 288. |
Clarifying the behavior of mandatory ASLR |
|
|
| 289. |
November 2017 security update release |
|
|
| 290. |
October 2017 security update release |
|
|
| 291. |
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues |
|
|
| 292. |
Extending the Microsoft Office Bounty Program |
|
|
| 293. |
September 2017 security update release |
|
|
| 294. |
Announcing the BlueHat v17 Schedule |
|
|
| 295. |
Moving Beyond EMET II – Windows Defender Exploit Guard |
|
|
| 296. |
August 2017 security update release |
|
|
| 297. |
The MSRC 2017 list of “Top 100” security researchers |
|
|
| 298. |
Announcing the Windows Bounty Program |
|
|
| 299. |
EnglishmansDentist Exploit Analysis |
|
|
| 300. |
Eternal Synergy Exploit Analysis |
|
|
| 301. |
July 2017 security update release |
|
|
| 302. |
Eternal Champion Exploit Analysis |
|
|
| 303. |
Update on Petya malware attacks |
|
|
| 304. |
Extending the Microsoft Edge Bounty Program |
|
|
| 305. |
Tales from the MSRC: from pixels to POC |
|
|
| 306. |
June 2017 security update release |
|
|
| 307. |
BlueHat v17 Call for Papers Opens |
|
|
| 308. |
Extending Microsoft Edge Bounty Program |
|
|
| 309. |
Customer Guidance for WannaCrypt attacks |
|
|
| 310. |
May 2017 security update release |
|
|
| 311. |
Coming together to address Encapsulated PostScript (EPS) attacks |
|
|
| 312. |
Taking your feedback on the Security Update Guide |
|
|
| 313. |
Bountycraft at Nullcon 2017 |
|
|
| 314. |
Protecting customers and evaluating risk |
|
|
| 315. |
April 2017 security update release |
|
|
| 316. |
Microsoft BlueHat v17 Dates Announced - Update 4/3/2017 |
|
|
| 317. |
Announcing the new Bug Bounty Program for Office Insider Builds on Windows |
|
|
| 318. |
March 2017 security update release |
|
|
| 319. |
Office 365 security researchers: Double your bounties March-May 2017 |
|
|
| 320. |
SHA-1 Collisions Research |
|
|
| 321. |
Adobe Flash Player security vulnerability release |
|
|
| 322. |
February 2017 security update release |
|
|
| 323. |
EMET 5.52 update is now available |
|
|
| 324. |
January 2017 security update release |
|
|
| 325. |
December 2016 security update release |
|
|
| 326. |
November 2016 security update release |
|
|
| 327. |
Furthering our commitment to security updates |
|
|
| 328. |
Moving Beyond EMET |
|
|
| 329. |
BlueHat v16 Keynote announced |
|
|
| 330. |
October 2016 security update release |
|
|
| 331. |
Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms |
|
|
| 332. |
Security Engineering Evolution in Office 2016 for Mac |
|
|
| 333. |
BlueHat IL 2017 Announced |
|
|
| 334. |
September 2016 security update release |
|
|
| 335. |
BlueHat v16 Schedule Announced |
|
|
| 336. |
Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty |
|
|
| 337. |
August 2016 security update release |
|
|
| 338. |
Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty |
|
|
| 339. |
July 2016 security update release |
|
|
| 340. |
June 2016 security update release |
|
|
| 341. |
Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty |
|
|
| 342. |
BlueHat v16 Announced |
|
|
| 343. |
May 2016 security update release |
|
|
| 344. |
Changes to Security Update Links |
|
|
| 345. |
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty |
|
|
| 346. |
April 2016 Security Update Release |
|
|
| 347. |
Microsoft Bounty Programs Announce Expansion - Bounty for Microsoft OneDrive |
|
|
| 348. |
March 2016 Security Update Release |
|
|
| 349. |
February 2016 Security Update Release Summary |
|
|
| 350. |
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available |
|
|
| 351. |
Triaging the exploitability of IE/EDGE crashes |
|
|
| 352. |
January 2016 Security Update Release Summary |
|
|
| 353. |
December 2015 Security Update Release Summary |
|
|
| 354. |
BlueHat v15 Announces Schedule and Registration |
|
|
| 355. |
November 2015 Security Update Release Summary |
|
|
| 356. |
Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty |
|
|
| 357. |
EMET: To be, or not to be, A Server-Based Protection Mechanism |
|
|
| 358. |
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available |
|
|
| 359. |
Announcing BlueHat v15 Conference |
|
|
| 360. |
October 2015 Security Update Release Summary |
|
|
| 361. |
What makes a good Microsoft Defense Bounty submission? |
|
|
| 362. |
September 2015 Security Update Release Summary |
|
|
| 363. |
Security Update Solution Further Protects Customer Devices |
|
|
| 364. |
Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick |
|
|
| 365. |
August 2015 Security Update Release Summary |
|
|
| 366. |
Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp |
|
|
| 367. |
Out-of-band release for Security Bulletin MS15-078 |
|
|
| 368. |
July 2015 Security Updates |
|
|
| 369. |
Advances in Scripting Security and Protection in Windows 10 and PowerShell V5 |
|
|
| 370. |
June 2015 Updates |
|
|
| 371. |
May 2015 Updates |
|
|
| 372. |
Microsoft Bounty Programs Expansion – Azure and Project Spartan |
|
|
| 373. |
April 2015 Updates |
|
|
| 374. |
EMET 5.2 is available (update) |
|
|
| 375. |
March 2015 Updates |
|
|
| 376. |
Security Advisory 3046015 released |
|
|
| 377. |
MS15-011 & MS15-014: Hardening Group Policy |
|
|
| 378. |
February 2015 Updates |
|
|
| 379. |
January 2015 Updates |
|
|
| 380. |
A Call for Better Coordinated Vulnerability Disclosure |
|
|
| 381. |
Evolving Microsoft's Advance Notification Service in 2015 |
|
|
| 382. |
December 2014 Updates |
|
|
| 383. |
Advance Notification Service for the December 2014 Security Bulletin Release |
|
|
| 384. |
Security Bulletin MS14-068 released |
|
|
| 385. |
Out-of-band release for Security Bulletin MS14-068 |
|
|
| 386. |
Additional information about CVE-2014-6324 |
|
|
| 387. |
November 2014 Updates |
|
|
| 388. |
MS14-072: .NET Remoting Elevation of Privilege Vulnerability |
|
|
| 389. |
Assessing Risk for the November 2014 Security Updates |
|
|
| 390. |
EMET 5.1 is available |
|
|
| 391. |
Advance Notification Service for the November 2014 Security Bulletin Release |
|
|
| 392. |
Security Advisory 3009008 updated |
|
|
| 393. |
Security Advisory 3010060 released |
|
|
| 394. |
October 2014 Updates |
|
|
| 395. |
More Details About CVE-2014-4073 Elevation of Privilege Vulnerability |
|
|
| 396. |
Assessing Risk for the October 2014 Security Updates |
|
|
| 397. |
Advance Notification Service for the October 2014 Security Bulletin Release |
|
|
| 398. |
BlueHat v14 is almost here |
|
|
| 399. |
Bug Bounty Evolution: Online Services |
|
|
| 400. |
September 2014 Security Bulletin Release Webcast and Q&A |
|
|
| 401. |
The September 2014 Security Updates |
|
|
| 402. |
Assessing risk for the September 2014 security updates |
|
|
| 403. |
Advance Notification Service for the September 2014 Security Bulletin Release |
|
|
| 404. |
Security Bulletin MS14-045 rereleased |
|
|
| 405. |
August 2014 Security Bulletin Webcast and Q&A |
|
|
| 406. |
August 2014 Security Updates |
|
|
| 407. |
Assessing risk for the August 2014 security updates |
|
|
| 408. |
Advance Notification Service for the August 2014 Security Bulletin Release |
|
|
| 409. |
General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0 |
|
|
| 410. |
Announcing EMET 5.0 |
|
|
| 411. |
July 2014 Security Bulletin Webcast and Q&A |
|
|
| 412. |
Security Advisory 2982792 released, Certificate Trust List updated |
|
|
| 413. |
July 2014 Security Bulletin Release |
|
|
| 414. |
Assessing risk for the July 2014 security updates |
|
|
| 415. |
Advance Notification Service for the July 2014 Security Bulletin Release |
|
|
| 416. |
Driving a Collectively Stronger Security Community with Microsoft Interflow |
|
|
| 417. |
Microsoft releases Security Advisory 2974294 |
|
|
| 418. |
June 2014 Security Bulletin Webcast and Q&A |
|
|
| 419. |
Theoretical Thinking and the June 2014 Bulletin Release |
|
|
| 420. |
Assessing risk for the June 2014 security updates |
|
|
| 421. |
An Overview of KB2871997 |
|
|
| 422. |
Advance Notification Service for the June 2014 Security Bulletin Release |
|
|
| 423. |
Meet myBulletins: an online security bulletin customization service |
|
|
| 424. |
May 2014 Security Bulletin Webcast and Q&A |
|
|
| 425. |
The May 2014 Security Updates |
|
|
| 426. |
MS14-025: An Update for Group Policy Preferences |
|
|
| 427. |
Load Library Safely |
|
|
| 428. |
Assessing risk for the May 2014 security updates |
|
|
| 429. |
Advance Notification Service for the May 2014 Security Bulletin Release |
|
|
| 430. |
Security Update Released to Address Recent Internet Explorer Vulnerability |
|
|
| 431. |
Out-of-Band Release to Address Microsoft Security Advisory 2963983 |
|
|
| 432. |
Protection strategies for the Security Advisory 2963983 IE 0day |
|
|
| 433. |
Continuing with Our Community Driven, Customer Focused Approach for EMET |
|
|
| 434. |
More Details about Security Advisory 2963983 IE 0day |
|
|
| 435. |
Microsoft releases Security Advisory 2963983 |
|
|
| 436. |
April 2014 Security Bulletin Webcast and Q&A |
|
|
| 437. |
MS14-019 – Fixing a binary hijacking via .cmd or .bat file |
|
|
| 438. |
Assessing risk for the April 2014 security updates |
|
|
| 439. |
The April 2014 Security Updates |
|
|
| 440. |
Advance Notification Service for the April 2014 Security Bulletin Release |
|
|
| 441. |
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries |
|
|
| 442. |
Security Advisory 2953095: recommendation to stay protected and for detections |
|
|
| 443. |
Microsoft Releases Security Advisory 2953095 |
|
|
| 444. |
March 2014 Security Bulletin Webcast and Q&A |
|
|
| 445. |
When ASLR makes the difference |
|
|
| 446. |
The March 2014 Security Updates |
|
|
| 447. |
Assessing risk for the March 2014 security updates |
|
|
| 448. |
Advance Notification Service for the March 2014 Security Bulletin Release |
|
|
| 449. |
Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview |
|
|
| 450. |
Announcing EMET 5.0 Technical Preview |
|
|
| 451. |
Microsoft Releases Security Advisory 2934088 |
|
|
| 452. |
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322 |
|
|
| 453. |
February 2014 Security Bulletin Webcast and Q&A |
|
|
| 454. |
Assessing risk for the February 2014 security updates |
|
|
| 455. |
Safer Internet Day 2014 and Our February 2014 Security Updates |
|
|
| 456. |
Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release |
|
|
| 457. |
Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A |
|
|
| 458. |
Assessing risk for the January 2014 security updates |
|
|
| 459. |
A Look Into the Future and the January 2014 Bulletin Release |
|
|
| 460. |
Advance Notification Service for the January 2014 Security Bulletin Release |
|
|
| 461. |
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
| 462. |
Software defense: mitigating common exploitation techniques |
|
|
| 463. |
Omphaloskepsis and the December 2013 Security Update Release |
|
|
| 464. |
MS13-098: Update to enhance the security of Authenticode |
|
|
| 465. |
Assessing risk for the December 2013 security updates |
|
|
| 466. |
Security Advisory 2916652 released, Certificate Trust List updated |
|
|
| 467. |
MS13-106: Farewell to another ASLR bypass |
|
|
| 468. |
BlueHat v13 is Coming |
|
|
| 469. |
Advance Notification Service for December 2013 Security Bulletin Release |
|
|
| 470. |
Microsoft Releases Security Advisory 2914486 |
|
|
| 471. |
Security and policy surrounding bring your own devices (BYOD) |
|
|
| 472. |
MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
| 473. |
Technical details of the targeted attack using IE vulnerability CVE-2013-3918 |
|
|
| 474. |
Security Advisory 2880823: Recommendation to discontinue use of SHA-1 |
|
|
| 475. |
Security Advisory 2868725: Recommendation to disable RC4 |
|
|
| 476. |
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1 |
|
|
| 477. |
Authenticity and the November 2013 Security Updates |
|
|
| 478. |
Assessing risk for the November 2013 security updates |
|
|
| 479. |
ActiveX Control issue being addressed in Update Tuesday |
|
|
| 480. |
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release |
|
|
| 481. |
Software defense: safe unlinking and reference count hardening |
|
|
| 482. |
Microsoft Releases Security Advisory 2896666 |
|
|
| 483. |
CVE-2013-3906: a graphics vulnerability exploited through Word documents |
|
|
| 484. |
Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive |
|
|
| 485. |
Software Defense: mitigating heap corruption vulnerabilities |
|
|
| 486. |
Introduction: Chris Betz, new head of MSRC |
|
|
| 487. |
10 years of Update Tuesdays |
|
|
| 488. |
October 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
| 489. |
MS13-080 addresses two vulnerabilities under limited, targeted attacks |
|
|
| 490. |
Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques! |
|
|
| 491. |
Assessing risk for the October 2013 security updates |
|
|
| 492. |
The October 2013 security updates |
|
|
| 493. |
An update on the bounty programs |
|
|
| 494. |
Bounty News Update: Bountiful Harvest |
|
|
| 495. |
Advance Notification Service for October 2013 Security Bulletin Release |
|
|
| 496. |
Software Defense: mitigating stack corruption vulnerabilties |
|
|
| 497. |
Software Defense Series: Exploit mitigation and vulnerability detection |
|
|
| 498. |
Microsoft Releases Security Advisory 2887505 |
|
|
| 499. |
CVE-2013-3893: Fix it workaround available |
|
|
| 500. |
September 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
