Author Archive

Multiple Security Updates Released for Exchange Server

March 2nd, 2021

Today we are releasing several security updates for Microsoft Exchange Server to address vulnerabilities that have been used in limited targeted attacks. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem. The vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected. The versions affected are: Microsoft Exchange Server 2013 …

Microsoft Internal Solorigate Investigation – Final Update

February 18th, 2021

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer …

Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

February 9th, 2021

Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex, which makes it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move …

New and Improved Report Abuse Portal and API!

February 1st, 2021

The Report Abuse (CERT) Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community of reporters, we continue to gain insightful perspectives into the various types of attacks that threaten our online services, our cloud, and our customers. To further commit to MSRC’s mission of responding to and defending against these types of security incidents, our team has …

Security Update Guide Supports CVEs Assigned by Industry Partners

January 13th, 2021

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was started back …

Microsoft Internal Solorigate Investigation Update

December 31st, 2020

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want to share an update from our ongoing internal …

Categories: Investigation, SolarWinds, Solorigate

December 21st, 2020 – Solorigate Resource Center

December 22nd, 2020

Alongside our industry partners and the security community, Microsoft continues to investigate the extent of the recent nation-state attack on SolarWinds. Our goal is to provide the latest threat intelligence, Indicators of Compromise (IOCs), and guidance across our products and solutions to help the community respond, harden infrastructure, and begin to recover from this unprecedented attack. As new information becomes available, we will make updates to this article at https://aka.ms/solorigate Executive Summary and Background Information …

Security Update Guide: Let’s keep the conversation going

December 8th, 2020

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able to run the new application. We really appreciate your feedback as we review these issues. …

Vulnerability Descriptions in the New Version of the Security Update Guide

November 9th, 2020

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary …

Security Analysis of CHERI ISA

October 14th, 2020

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory protection features against many exploited vulnerabilities, or in other words, an architectural solution that breaks exploits. We’ve looked at …

The post Security Analysis of CHERI ISA appeared first on Microsoft Security Response Center.

What to Expect When Reporting Vulnerabilities to Microsoft

September 21st, 2020

At the Microsoft Security Response Center (MSRC), our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed. Many researchers report these …

Control Flow Guard for Clang/LLVM and Rust

August 17th, 2020

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow integrity. It has been available since Windows 8.1 …

Microsoft Joins Open Source Security Foundation

August 3rd, 2020

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), …

Categories: Linux, Open Source, OpenSSF, security

Black Hat 2020: See you in the Cloud!

July 30th, 2020

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll still be there though, and …

Updates to the Windows Insider Preview Bounty Program

July 24th, 2020

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The Windows Insider Preview (WIP) Bounty Program is a key program for Microsoft and …

Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!

July 15th, 2020

We are excited to announce the top contributing researchers for the 2020 Second Quarter (Q2)! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of the 2020 Second Quarter (Q2) Security Researcher …

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

July 14th, 2020

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this …

Categories: DNS, Windows, worm

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

June 1st, 2020

Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models. To proactively …

Azure Sphere Security Research Challenge Now Open

May 5th, 2020

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …
