1. |
Congratulations to the Top MSRC 2024 Q1 Security Researchers! |
|
|
2. |
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs |
|
|
3. |
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team |
|
|
4. |
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard |
|
|
5. |
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft |
|
|
6. |
Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope |
|
|
7. |
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin |
|
|
8. |
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft |
|
|
9. |
New Security Advisory Tab Added to the Microsoft Security Update Guide |
|
|
10. |
Congratulations to the Top MSRC 2023 Q4 Security Researchers! |
|
|
11. |
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard |
|
|
12. |
BlueHat India Call for Papers is Now Open! |
|
|
13. |
Microsoft addresses App Installer abuse |
|
|
14. |
Azure Serial Console Attack and Defense - Part 2 |
|
|
15. |
Introducing the Microsoft Defender Bounty Program |
|
|
16. |
Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded |
|
|
17. |
Reflecting on 20 years of Patch Tuesday |
|
|
18. |
Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI |
|
|
19. |
Congratulations to the Top MSRC 2023 Q3 Security Researchers! |
|
|
20. |
Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience |
|
|
21. |
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 |
|
|
22. |
Cybersecurity Awareness Month 2023: Elevating Security Together |
|
|
23. |
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 |
|
|
24. |
Journey Down Under: How Rocco Became Australia’s Premier Hacker |
|
|
25. |
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token |
|
|
26. |
Results of Major Technical Investigations for Storm-0558 Key Acquisition |
|
|
27. |
Azure Serial Console Attack and Defense - Part 1 |
|
|
28. |
Updating our Vulnerability Severity Classification for AI Systems |
|
|
29. |
Congratulations to the MSRC 2023 Most Valuable Security Researchers! |
|
|
30. |
Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards |
|
|
31. |
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability |
|
|
32. |
BlueHat October 2023 Call for Papers is Now Open! |
|
|
33. |
Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form |
|
|
34. |
From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent! |
|
|
35. |
What to expect when reporting vulnerabilities to Microsoft |
|
|
36. |
Congratulations to the Top MSRC 2023 Q2 Security Researchers! |
|
|
37. |
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email |
|
|
38. |
Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator |
|
|
39. |
Potential Risk of Privilege Escalation in Azure AD Applications |
|
|
40. |
Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks |
|
|
41. |
Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry |
|
|
42. |
Hey Yara, find some vulnerabilities |
|
|
43. |
Announcing The BlueHat Podcast: Listen and Subscribe Now! |
|
|
44. |
Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 |
|
|
45. |
Microsoft Vulnerability Severity Classification for Online Services Publication |
|
|
46. |
Congratulations to the Top MSRC 2023 Q1 Security Researchers! |
|
|
47. |
Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access |
|
|
48. |
Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD |
|
|
49. |
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability |
|
|
50. |
Configuring host-level audit logging for AKS VMSS |
|
|
51. |
Azure Kubernetes Service (AKS) Threat Hunting |
|
|
52. |
First steps in CHERIoT Security Research |
|
|
53. |
New MSRC Blog Site |
|
|
54. |
BlueHat 2023: Connecting the security research community with Microsoft |
|
|
55. |
Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process |
|
|
56. |
Congratulations to the Top MSRC 2022 Q4 Security Researchers! |
|
|
57. |
Microsoft resolves four SSRF vulnerabilities in Azure cloud services |
|
|
58. |
Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API |
|
|
59. |
Security Update Guide Improvement – Representing Hotpatch Updates |
|
|
60. |
BlueHat 2023: Applications to Attend NOW OPEN! |
|
|
61. |
A Ride on the Wild Side with Hacking Heavyweight Sick Codes |
|
|
62. |
Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) |
|
|
63. |
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) |
|
|
64. |
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB |
|
|
65. |
Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People |
|
|
66. |
Congratulations to the Top MSRC 2022 Q3 Security Researchers! |
|
|
67. |
Investigation Regarding Misconfigured Microsoft Storage Location |
|
|
68. |
Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk |
|
|
69. |
Hunting for Cobalt Strike: Mining and plotting for fun and profit |
|
|
70. |
BlueHat 2023 Call for Papers is Now Open! |
|
|
71. |
Improvements in Security Update Notifications Delivery - And a New Delivery Method |
|
|
72. |
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server |
|
|
73. |
Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance |
|
|
74. |
Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez |
|
|
75. |
What’s the smallest variety of CHERI? |
|
|
76. |
Vulnerability Fixed in Azure Synapse Spark |
|
|
77. |
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards |
|
|
78. |
Security Update Guide Notification System News: Create your profile now |
|
|
79. |
Microsoft Office to publish symbols starting August 2022 |
|
|
80. |
Congratulations to the MSRC 2022 Most Valuable Researchers! |
|
|
81. |
Anatomy of a Cloud-Service Security Update |
|
|
82. |
Congratulations to the Top MSRC 2022 Q2 Security Researchers! |
|
|
83. |
Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability |
|
|
84. |
All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity |
|
|
85. |
Microsoft Mitigates Azure Site Recovery Vulnerabilities |
|
|
86. |
Service Fabric Privilege Escalation from Containerized Workloads on Linux |
|
|
87. |
A Man of Action: Meet Callum Carney |
|
|
88. |
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability |
|
|
89. |
New Research Paper: Pre-hijacking Attacks on Web User Accounts |
|
|
90. |
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards |
|
|
91. |
Anatomy of a Security Update |
|
|
92. |
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) |
|
|
93. |
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution |
|
|
94. |
Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! |
|
|
95. |
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs |
|
|
96. |
Randomizing the KUSER_SHARED_DATA Structure on Windows |
|
|
97. |
On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program |
|
|
98. |
Microsoft’s Response to CVE-2022-22965 Spring Framework |
|
|
99. |
Increasing Representation of Women in Security Research |
|
|
100. |
Randomizing the KUSER_SHARED_DATA Structure on Windows |
|
|
101. |
Exploring a New Class of Kernel Exploit Primitive |
|
|
102. |
Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint |
|
|
103. |
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens |
|
|
104. |
Cyber threat activity in Ukraine: analysis and resources |
|
|
105. |
Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help |
|
|
106. |
Expanding the Microsoft Researcher Recognition Program |
|
|
107. |
Congratulations to the Top MSRC 2021 Q4 Security Researchers! |
|
|
108. |
An Armful of CHERIs |
|
|
109. |
Coming Soon: New Security Update Guide Notification System |
|
|
110. |
Azure App Service Linux source repository exposure |
|
|
111. |
Researcher Spotlight: Dr. Nestori Syynimaa’s Constant Mission Protecting Identities |
|
|
112. |
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 |
|
|
113. |
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs |
|
|
114. |
BlueHat is Back! |
|
|
115. |
We’re Excited to Announce the Launch of Comms Hub! |
|
|
116. |
New High Impact Scenarios and Awards for the Azure Bounty Program |
|
|
117. |
Congratulations to the Top MSRC 2021 Q3 Security Researchers! |
|
|
118. |
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program |
|
|
119. |
Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions |
|
|
120. |
Coordinated disclosure of vulnerability in Azure Container Instances Service |
|
|
121. |
Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature |
|
|
122. |
Announcing the Launch of the Azure SSRF Security Research Challenge |
|
|
123. |
Point and Print Default Behavior Change |
|
|
124. |
Congratulations to the MSRC 2021 Most Valuable Security Researchers! |
|
|
125. |
Introducing Bounty Awards for Teams Mobile Applications Security Research |
|
|
126. |
Announcing the Top MSRC 2021 Q2 Security Researchers - Congratulations! |
|
|
127. |
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards |
|
|
128. |
Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability |
|
|
129. |
Out-of-Band (OOB) Security Update available for CVE-2021-34527 |
|
|
130. |
New Nobelium activity |
|
|
131. |
Investigating and Mitigating Malicious Drivers |
|
|
132. |
“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks |
|
|
133. |
Congratulating Our Top MSRC 2021 Q1 Security Researchers! |
|
|
134. |
April 2021 Update Tuesday packages now available |
|
|
135. |
Introducing Bounty Awards for Teams Desktop Client Security Research |
|
|
136. |
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities |
|
|
137. |
One-Click Microsoft Exchange On-Premises Mitigation Tool - March 2021 |
|
|
138. |
Microsoft Exchange Server Vulnerabilities Mitigations - updated March 15, 2021 |
|
|
139. |
A new experience for reporting copyright or trademark infringement on Microsoft Services |
|
|
140. |
On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021 |
|
|
141. |
Microsoft Internal Solorigate Investigation - Final Update |
|
|
142. |
MSRC Security Researcher Recognition: 2021 |
|
|
143. |
Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 |
|
|
144. |
Continuing to Listen: Good News about the Security Update Guide API! |
|
|
145. |
New and Improved Report Abuse Portal and API! |
|
|
146. |
Top MSRC 2020 Q4 Security Researchers – Congratulations! |
|
|
147. |
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 |
|
|
148. |
Security Update Guide Supports CVEs Assigned by Industry Partners |
|
|
149. |
Building Faster AMD64 Memset Routines |
|
|
150. |
Microsoft Internal Solorigate Investigation Update |
|
|
151. |
Nobelium Resource Center - updated March 4, 2021 |
|
|
152. |
Customer Guidance on Recent Nation-State Cyber Attacks |
|
|
153. |
Security Update Guide: Let's keep the conversation going |
|
|
154. |
Vulnerability Descriptions in the New Version of the Security Update Guide |
|
|
155. |
Attacks exploiting Netlogon vulnerability (CVE-2020-1472) |
|
|
156. |
Announcing the Top MSRC 2020 Q3 Security Researchers |
|
|
157. |
Security Analysis of CHERI ISA |
|
|
158. |
Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community |
|
|
159. |
New and improved Security Update Guide! |
|
|
160. |
Control Flow Guard for Clang/LLVM and Rust |
|
|
161. |
Congratulations to the MSRC’s 2020 Most Valuable Security Researchers |
|
|
162. |
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards |
|
|
163. |
Microsoft Joins Open Source Security Foundation |
|
|
164. |
Black Hat 2020: See you in the Cloud! |
|
|
165. |
Updates to the Windows Insider Preview Bounty Program |
|
|
166. |
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations! |
|
|
167. |
July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server |
|
|
168. |
Solving Uninitialized Kernel Pool Memory on Windows |
|
|
169. |
Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack |
|
|
170. |
Solving Uninitialized Stack Memory on Windows |
|
|
171. |
Azure Sphere Security Research Challenge Now Open |
|
|
172. |
The Safety Boat: Kubernetes and Rust |
|
|
173. |
Congratulating Our Top 2020 Q1 Security Researchers! |
|
|
174. |
March 2020 security updates are available |
|
|
175. |
Calling for security research in Azure Sphere, now generally available |
|
|
176. |
February 2020 security updates are available |
|
|
177. |
Recognizing Security Researchers in 2020 |
|
|
178. |
Announcing the Xbox Bounty program |
|
|
179. |
Access Misconfiguration for Customer Support Database |
|
|
180. |
Announcing MSRC 2019 Q4 Security Researcher Leaderboard |
|
|
181. |
January 2020 Security Updates: CVE-2020-0601 |
|
|
182. |
January 2020 security updates are available! |
|
|
183. |
Announcing the Microsoft Identity Research Project Grant |
|
|
184. |
December 2019 security updates are available |
|
|
185. |
Customer Guidance for the Dopplepaymer Ransomware |
|
|
186. |
BlueHat Seattle videos are online! |
|
|
187. |
November 2019 security updates are available! |
|
|
188. |
Using Rust in Windows |
|
|
189. |
Vulnerability hunting with Semmle QL: DOM XSS |
|
|
190. |
Time for day 2 of briefings at BlueHat Seattle! |
|
|
191. |
Welcome to the second stage of BlueHat! |
|
|
192. |
Microsoft Identity Bounty Improvements |
|
|
193. |
Introducing the ElectionGuard Bounty program |
|
|
194. |
Announcing the Security Researcher Quarterly Leaderboard |
|
|
195. |
An intern's experience with Rust |
|
|
196. |
October 2019 security updates are available! |
|
|
197. |
Designing a COM library for Rust |
|
|
198. |
Building the Azure IoT Edge Security Daemon in Rust |
|
|
199. |
MSRC is going to ROOTCON! |
|
|
200. |
Meet the BlueHat Content Advisory Board |
|
|
201. |
Calling all breakers & builders: BlueHat Seattle registration is open! |
|
|
202. |
Attacking the VM Worker Process |
|
|
203. |
September 2019 Security Updates |
|
|
204. |
Acquiring a VHD to Investigate |
|
|
205. |
BlueHat Seattle 2019 Call for Papers is Now Open! |
|
|
206. |
Scalable infrastructure for investigations and incident response |
|
|
207. |
Announcing the Microsoft Edge Insider Bounty |
|
|
208. |
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) |
|
|
209. |
August 2019 Security Updates |
|
|
210. |
Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP) |
|
|
211. |
Announcing 2019 MSRC Most Valuable Security Researchers |
|
|
212. |
Corporate IoT - a path to intrusion |
|
|
213. |
Azure Security Lab: a new space for Azure research and collaboration |
|
|
214. |
Recognizing Security Researchers in 2019 |
|
|
215. |
Meet the MSRC at Black Hat 2019 |
|
|
216. |
It’s Official – The Way We Recognize Our Security Researchers |
|
|
217. |
Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP) |
|
|
218. |
Why Rust for safe systems programming |
|
|
219. |
We need a safer systems programming language |
|
|
220. |
Announcing the Microsoft Dynamics 365 Bounty program |
|
|
221. |
A proactive approach to more secure code |
|
|
222. |
July 2019 Security Update Release |
|
|
223. |
Inside the MSRC – Building your own security incident response process |
|
|
224. |
Inside the MSRC – Anatomy of a SSIRP incident |
|
|
225. |
Inside the MSRC – Customer-centric incident response |
|
|
226. |
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149) |
|
|
227. |
June 2019 security update release |
|
|
228. |
BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world |
|
|
229. |
A Reminder to Update Your Systems to Prevent a Worm |
|
|
230. |
Microsoft Launches a New Recognition Program for MAPP Partners |
|
|
231. |
Time travel debugging: It’s a blast! (from the past) |
|
|
232. |
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) |
|
|
233. |
May 2019 Security Update Release |
|
|
234. |
April 2019 Security Update Release |
|
|
235. |
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards |
|
|
236. |
Vulnerability hunting with Semmle QL, part 2 |
|
|
237. |
Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec! |
|
|
238. |
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration |
|
|
239. |
Call for Papers | Microsoft BlueHat Shanghai 2019 |
|
|
240. |
Practical advice for earning higher Microsoft bounty awards |
|
|
241. |
March 2019 Security Update Release |
|
|
242. |
BlueHat Shanghai 2019 Call for Papers is Now Open! |
|
|
243. |
February 2019 Security Update Release |
|
|
244. |
Fuzzing para-virtualized devices in Hyper-V |
|
|
245. |
Microsoft’s Cyber Defense Operations Center shares best practices |
|
|
246. |
Announcing the Microsoft Azure DevOps Bounty program |
|
|
247. |
January 2019 Security Update Release |
|
|
248. |
December 2018 Security Update Release |
|
|
249. |
December 2018 Security Update Release |
|
|
250. |
First Steps in Hyper-V Research |
|
|
251. |
November 2018 Security Update Release |
|
|
252. |
Should You Send Your Pen Test Report to the MSRC? |
|
|
253. |
BlueHat v18 Content Now Available |
|
|
254. |
October 2018 Security Update Release |
|
|
255. |
Standing behind “MSRC Listens” |
|
|
256. |
Behind BlueHat: The Art |
|
|
257. |
September 2018 Security Update Release |
|
|
258. |
Microsoft Security Servicing Criteria for Windows |
|
|
259. |
Inside MSRC: Sharing Our Story & Customer Tips |
|
|
260. |
Vulnerability hunting with Semmle QL, part 1 |
|
|
261. |
August 2018 Security Update Release |
|
|
262. |
Analysis and mitigation of L1 Terminal Fault (L1TF) |
|
|
263. |
Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition |
|
|
264. |
Announcing the BlueHat v18 Schedule |
|
|
265. |
The Making of the Top 100 Researcher List |
|
|
266. |
Recognizing Q4 Top 5 Bounty Hunters |
|
|
267. |
Microsoft launches Identity Bounty program |
|
|
268. |
July 2018 Security Update Release |
|
|
269. |
Announcing Changes to Microsoft’s Mitigation Bypass Bounty |
|
|
270. |
June 2018 Security Update Release |
|
|
271. |
Draft of Microsoft Security Servicing Commitments for Windows |
|
|
272. |
Analysis and mitigation of speculative store bypass (CVE-2018-3639) |
|
|
273. |
May 2018 security update release |
|
|
274. |
BlueHat v18 Announced & Call for Papers Opens |
|
|
275. |
Hyper-V Debugging Symbols Are Publicly Available |
|
|
276. |
Recognizing Q3 Top 5 Bounty Hunters |
|
|
277. |
April 2018 security update release |
|
|
278. |
Triaging a DLL planting vulnerability |
|
|
279. |
KVA Shadow: Mitigating Meltdown on Windows |
|
|
280. |
Speculative Execution Bounty Launch |
|
|
281. |
Mitigating speculative execution side channel hardware vulnerabilities |
|
|
282. |
March 2018 security update release |
|
|
283. |
Inside the MSRC– The Monthly Security Update Releases |
|
|
284. |
February 2018 security update release |
|
|
285. |
Inside the MSRC – How we recognize our researchers |
|
|
286. |
January 2018 security update release |
|
|
287. |
December 2017 security update release |
|
|
288. |
Clarifying the behavior of mandatory ASLR |
|
|
289. |
November 2017 security update release |
|
|
290. |
October 2017 security update release |
|
|
291. |
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues |
|
|
292. |
Extending the Microsoft Office Bounty Program |
|
|
293. |
September 2017 security update release |
|
|
294. |
Announcing the BlueHat v17 Schedule |
|
|
295. |
Moving Beyond EMET II – Windows Defender Exploit Guard |
|
|
296. |
August 2017 security update release |
|
|
297. |
The MSRC 2017 list of “Top 100” security researchers |
|
|
298. |
Announcing the Windows Bounty Program |
|
|
299. |
EnglishmansDentist Exploit Analysis |
|
|
300. |
Eternal Synergy Exploit Analysis |
|
|
301. |
July 2017 security update release |
|
|
302. |
Eternal Champion Exploit Analysis |
|
|
303. |
Update on Petya malware attacks |
|
|
304. |
Extending the Microsoft Edge Bounty Program |
|
|
305. |
Tales from the MSRC: from pixels to POC |
|
|
306. |
June 2017 security update release |
|
|
307. |
BlueHat v17 Call for Papers Opens |
|
|
308. |
Extending Microsoft Edge Bounty Program |
|
|
309. |
Customer Guidance for WannaCrypt attacks |
|
|
310. |
May 2017 security update release |
|
|
311. |
Coming together to address Encapsulated PostScript (EPS) attacks |
|
|
312. |
Taking your feedback on the Security Update Guide |
|
|
313. |
Bountycraft at Nullcon 2017 |
|
|
314. |
Protecting customers and evaluating risk |
|
|
315. |
April 2017 security update release |
|
|
316. |
Microsoft BlueHat v17 Dates Announced - Update 4/3/2017 |
|
|
317. |
Announcing the new Bug Bounty Program for Office Insider Builds on Windows |
|
|
318. |
March 2017 security update release |
|
|
319. |
Office 365 security researchers: Double your bounties March-May 2017 |
|
|
320. |
SHA-1 Collisions Research |
|
|
321. |
Adobe Flash Player security vulnerability release |
|
|
322. |
February 2017 security update release |
|
|
323. |
EMET 5.52 update is now available |
|
|
324. |
January 2017 security update release |
|
|
325. |
December 2016 security update release |
|
|
326. |
November 2016 security update release |
|
|
327. |
Furthering our commitment to security updates |
|
|
328. |
Moving Beyond EMET |
|
|
329. |
BlueHat v16 Keynote announced |
|
|
330. |
October 2016 security update release |
|
|
331. |
Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms |
|
|
332. |
Security Engineering Evolution in Office 2016 for Mac |
|
|
333. |
BlueHat IL 2017 Announced |
|
|
334. |
September 2016 security update release |
|
|
335. |
BlueHat v16 Schedule Announced |
|
|
336. |
Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty |
|
|
337. |
August 2016 security update release |
|
|
338. |
Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty |
|
|
339. |
July 2016 security update release |
|
|
340. |
June 2016 security update release |
|
|
341. |
Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty |
|
|
342. |
BlueHat v16 Announced |
|
|
343. |
May 2016 security update release |
|
|
344. |
Changes to Security Update Links |
|
|
345. |
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty |
|
|
346. |
April 2016 Security Update Release |
|
|
347. |
Microsoft Bounty Programs Announce Expansion - Bounty for Microsoft OneDrive |
|
|
348. |
March 2016 Security Update Release |
|
|
349. |
February 2016 Security Update Release Summary |
|
|
350. |
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available |
|
|
351. |
Triaging the exploitability of IE/EDGE crashes |
|
|
352. |
January 2016 Security Update Release Summary |
|
|
353. |
December 2015 Security Update Release Summary |
|
|
354. |
BlueHat v15 Announces Schedule and Registration |
|
|
355. |
November 2015 Security Update Release Summary |
|
|
356. |
Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty |
|
|
357. |
EMET: To be, or not to be, A Server-Based Protection Mechanism |
|
|
358. |
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available |
|
|
359. |
Announcing BlueHat v15 Conference |
|
|
360. |
October 2015 Security Update Release Summary |
|
|
361. |
What makes a good Microsoft Defense Bounty submission? |
|
|
362. |
September 2015 Security Update Release Summary |
|
|
363. |
Security Update Solution Further Protects Customer Devices |
|
|
364. |
Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick |
|
|
365. |
August 2015 Security Update Release Summary |
|
|
366. |
Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp |
|
|
367. |
Out-of-band release for Security Bulletin MS15-078 |
|
|
368. |
July 2015 Security Updates |
|
|
369. |
Advances in Scripting Security and Protection in Windows 10 and PowerShell V5 |
|
|
370. |
June 2015 Updates |
|
|
371. |
May 2015 Updates |
|
|
372. |
Microsoft Bounty Programs Expansion – Azure and Project Spartan |
|
|
373. |
April 2015 Updates |
|
|
374. |
EMET 5.2 is available (update) |
|
|
375. |
March 2015 Updates |
|
|
376. |
Security Advisory 3046015 released |
|
|
377. |
MS15-011 & MS15-014: Hardening Group Policy |
|
|
378. |
February 2015 Updates |
|
|
379. |
January 2015 Updates |
|
|
380. |
A Call for Better Coordinated Vulnerability Disclosure |
|
|
381. |
Evolving Microsoft's Advance Notification Service in 2015 |
|
|
382. |
December 2014 Updates |
|
|
383. |
Advance Notification Service for the December 2014 Security Bulletin Release |
|
|
384. |
Security Bulletin MS14-068 released |
|
|
385. |
Out-of-band release for Security Bulletin MS14-068 |
|
|
386. |
Additional information about CVE-2014-6324 |
|
|
387. |
November 2014 Updates |
|
|
388. |
MS14-072: .NET Remoting Elevation of Privilege Vulnerability |
|
|
389. |
Assessing Risk for the November 2014 Security Updates |
|
|
390. |
EMET 5.1 is available |
|
|
391. |
Advance Notification Service for the November 2014 Security Bulletin Release |
|
|
392. |
Security Advisory 3009008 updated |
|
|
393. |
Security Advisory 3010060 released |
|
|
394. |
October 2014 Updates |
|
|
395. |
More Details About CVE-2014-4073 Elevation of Privilege Vulnerability |
|
|
396. |
Assessing Risk for the October 2014 Security Updates |
|
|
397. |
Advance Notification Service for the October 2014 Security Bulletin Release |
|
|
398. |
BlueHat v14 is almost here |
|
|
399. |
Bug Bounty Evolution: Online Services |
|
|
400. |
September 2014 Security Bulletin Release Webcast and Q&A |
|
|
401. |
The September 2014 Security Updates |
|
|
402. |
Assessing risk for the September 2014 security updates |
|
|
403. |
Advance Notification Service for the September 2014 Security Bulletin Release |
|
|
404. |
Security Bulletin MS14-045 rereleased |
|
|
405. |
August 2014 Security Bulletin Webcast and Q&A |
|
|
406. |
August 2014 Security Updates |
|
|
407. |
Assessing risk for the August 2014 security updates |
|
|
408. |
Advance Notification Service for the August 2014 Security Bulletin Release |
|
|
409. |
General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0 |
|
|
410. |
Announcing EMET 5.0 |
|
|
411. |
July 2014 Security Bulletin Webcast and Q&A |
|
|
412. |
Security Advisory 2982792 released, Certificate Trust List updated |
|
|
413. |
July 2014 Security Bulletin Release |
|
|
414. |
Assessing risk for the July 2014 security updates |
|
|
415. |
Advance Notification Service for the July 2014 Security Bulletin Release |
|
|
416. |
Driving a Collectively Stronger Security Community with Microsoft Interflow |
|
|
417. |
Microsoft releases Security Advisory 2974294 |
|
|
418. |
June 2014 Security Bulletin Webcast and Q&A |
|
|
419. |
Theoretical Thinking and the June 2014 Bulletin Release |
|
|
420. |
Assessing risk for the June 2014 security updates |
|
|
421. |
An Overview of KB2871997 |
|
|
422. |
Advance Notification Service for the June 2014 Security Bulletin Release |
|
|
423. |
Meet myBulletins: an online security bulletin customization service |
|
|
424. |
May 2014 Security Bulletin Webcast and Q&A |
|
|
425. |
The May 2014 Security Updates |
|
|
426. |
MS14-025: An Update for Group Policy Preferences |
|
|
427. |
Load Library Safely |
|
|
428. |
Assessing risk for the May 2014 security updates |
|
|
429. |
Advance Notification Service for the May 2014 Security Bulletin Release |
|
|
430. |
Security Update Released to Address Recent Internet Explorer Vulnerability |
|
|
431. |
Out-of-Band Release to Address Microsoft Security Advisory 2963983 |
|
|
432. |
Protection strategies for the Security Advisory 2963983 IE 0day |
|
|
433. |
Continuing with Our Community Driven, Customer Focused Approach for EMET |
|
|
434. |
More Details about Security Advisory 2963983 IE 0day |
|
|
435. |
Microsoft releases Security Advisory 2963983 |
|
|
436. |
April 2014 Security Bulletin Webcast and Q&A |
|
|
437. |
MS14-019 – Fixing a binary hijacking via .cmd or .bat file |
|
|
438. |
Assessing risk for the April 2014 security updates |
|
|
439. |
The April 2014 Security Updates |
|
|
440. |
Advance Notification Service for the April 2014 Security Bulletin Release |
|
|
441. |
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries |
|
|
442. |
Security Advisory 2953095: recommendation to stay protected and for detections |
|
|
443. |
Microsoft Releases Security Advisory 2953095 |
|
|
444. |
March 2014 Security Bulletin Webcast and Q&A |
|
|
445. |
When ASLR makes the difference |
|
|
446. |
The March 2014 Security Updates |
|
|
447. |
Assessing risk for the March 2014 security updates |
|
|
448. |
Advance Notification Service for the March 2014 Security Bulletin Release |
|
|
449. |
Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview |
|
|
450. |
Announcing EMET 5.0 Technical Preview |
|
|
451. |
Microsoft Releases Security Advisory 2934088 |
|
|
452. |
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322 |
|
|
453. |
February 2014 Security Bulletin Webcast and Q&A |
|
|
454. |
Assessing risk for the February 2014 security updates |
|
|
455. |
Safer Internet Day 2014 and Our February 2014 Security Updates |
|
|
456. |
Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release |
|
|
457. |
Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A |
|
|
458. |
Assessing risk for the January 2014 security updates |
|
|
459. |
A Look Into the Future and the January 2014 Bulletin Release |
|
|
460. |
Advance Notification Service for the January 2014 Security Bulletin Release |
|
|
461. |
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
462. |
Software defense: mitigating common exploitation techniques |
|
|
463. |
Omphaloskepsis and the December 2013 Security Update Release |
|
|
464. |
MS13-098: Update to enhance the security of Authenticode |
|
|
465. |
Assessing risk for the December 2013 security updates |
|
|
466. |
Security Advisory 2916652 released, Certificate Trust List updated |
|
|
467. |
MS13-106: Farewell to another ASLR bypass |
|
|
468. |
BlueHat v13 is Coming |
|
|
469. |
Advance Notification Service for December 2013 Security Bulletin Release |
|
|
470. |
Microsoft Releases Security Advisory 2914486 |
|
|
471. |
Security and policy surrounding bring your own devices (BYOD) |
|
|
472. |
MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
473. |
Technical details of the targeted attack using IE vulnerability CVE-2013-3918 |
|
|
474. |
Security Advisory 2880823: Recommendation to discontinue use of SHA-1 |
|
|
475. |
Security Advisory 2868725: Recommendation to disable RC4 |
|
|
476. |
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1 |
|
|
477. |
Authenticity and the November 2013 Security Updates |
|
|
478. |
Assessing risk for the November 2013 security updates |
|
|
479. |
ActiveX Control issue being addressed in Update Tuesday |
|
|
480. |
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release |
|
|
481. |
Software defense: safe unlinking and reference count hardening |
|
|
482. |
Microsoft Releases Security Advisory 2896666 |
|
|
483. |
CVE-2013-3906: a graphics vulnerability exploited through Word documents |
|
|
484. |
Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive |
|
|
485. |
Software Defense: mitigating heap corruption vulnerabilities |
|
|
486. |
Introduction: Chris Betz, new head of MSRC |
|
|
487. |
10 years of Update Tuesdays |
|
|
488. |
October 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|
489. |
MS13-080 addresses two vulnerabilities under limited, targeted attacks |
|
|
490. |
Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques! |
|
|
491. |
Assessing risk for the October 2013 security updates |
|
|
492. |
The October 2013 security updates |
|
|
493. |
An update on the bounty programs |
|
|
494. |
Bounty News Update: Bountiful Harvest |
|
|
495. |
Advance Notification Service for October 2013 Security Bulletin Release |
|
|
496. |
Software Defense: mitigating stack corruption vulnerabilties |
|
|
497. |
Software Defense Series: Exploit mitigation and vulnerability detection |
|
|
498. |
Microsoft Releases Security Advisory 2887505 |
|
|
499. |
CVE-2013-3893: Fix it workaround available |
|
|
500. |
September 2013 Security Bulletin Webcast, Q&A, and Slide Deck |
|
|