Archive

Author Archive

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

June 1st, 2020 No comments

Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models. To proactively …

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack Read More »

The post Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack appeared first on Microsoft Security Response Center.

Azure Sphere Security Research Challenge Now Open

May 5th, 2020 No comments

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …

Azure Sphere Security Research Challenge Now Open Read More »

The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center.

Azure Sphere Security Research Challenge Now Open

May 5th, 2020 No comments

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …

Azure Sphere Security Research Challenge Now Open Read More »

The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center.

The Safety Boat: Kubernetes and Rust

April 29th, 2020 No comments

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language. While there have …

The Safety Boat: Kubernetes and Rust Read More »

The post The Safety Boat: Kubernetes and Rust appeared first on Microsoft Security Response Center.

Congratulating Our Top 2020 Q1 Security Researchers!

April 23rd, 2020 No comments

Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter (Q1) Security Researcher Leaderboard, listing our top contributing researchers for the last quarter. The top three researchers of the last quarter are: Zhiniang Peng (2870 …

Congratulating Our Top 2020 Q1 Security Researchers! Read More »

The post Congratulating Our Top 2020 Q1 Security Researchers! appeared first on Microsoft Security Response Center.

March 2020 security updates are available

March 10th, 2020 No comments

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

The post March 2020 security updates are available appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

Calling for security research in Azure Sphere, now generally available

February 24th, 2020 No comments

Today, Microsoft released Azure Sphere into General Availability (GA). Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating new IoT devices with built-in security. The solution includes hardware, OS, and …

Calling for security research in Azure Sphere, now generally available Read More »

The post Calling for security research in Azure Sphere, now generally available appeared first on Microsoft Security Response Center.

February 2020 security updates are available

February 11th, 2020 No comments

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

The post February 2020 security updates are available appeared first on Microsoft Security Response Center.

Categories: Patch, Update Tuesday Tags:

Recognizing Security Researchers in 2020

February 3rd, 2020 No comments

Is it too early to talk about the 2020 MSRC Most Valuable Security Researchers? Five months from now, at the end of June, the program period closes for researchers to be considered for inclusion in the Most Valuable Researchers list. The top researcher list will be revealed at Black Hat North America in August. For …

Recognizing Security Researchers in 2020 Read More »

The post Recognizing Security Researchers in 2020 appeared first on Microsoft Security Response Center.

Access Misconfiguration for Customer Support Database

January 22nd, 2020 No comments

Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking …

Access Misconfiguration for Customer Support Database Read More »

The post Access Misconfiguration for Customer Support Database appeared first on Microsoft Security Response Center.

Categories: Misconfiguration Tags:

Announcing MSRC 2019 Q4 Security Researcher Leaderboard

January 15th, 2020 No comments

Following the first Security Researcher Quarterly Leaderboard we published in October 2019, we are excited to announce the MSRC Q4 2019 Security Researcher Leaderboard, which shows the top contributing researchers for the last quarter. In each quarterly leaderboard, we recognize the security researchers who ranked at or above the 95th percentile line based on the …

Announcing MSRC 2019 Q4 Security Researcher Leaderboard Read More »

The post Announcing MSRC 2019 Q4 Security Researcher Leaderboard appeared first on Microsoft Security Response Center.

January 2020 Security Updates: CVE-2020-0601

January 14th, 2020 No comments

The January security updates include several Important and Critical security updates. As always, we recommend that customers update their systems as quickly as practical. Details for the full set of updates released today can be found in the Security Update Guide. We believe in Coordinated Vulnerability Disclosure (CVD) as proven industry best practice to address security vulnerabilities. Through a partnership …

January 2020 Security Updates: CVE-2020-0601 Read More »

The post January 2020 Security Updates: CVE-2020-0601 appeared first on Microsoft Security Response Center.

January 2020 security updates are available!

January 14th, 2020 No comments

We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

January 2020 security updates are available! Read More »

The post January 2020 security updates are available! appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

December 2019 security updates are available

December 10th, 2019 No comments

We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

December 2019 security updates are available Read More »

Categories: Security Update, Update Tuesday Tags:

BlueHat Seattle videos are online!

November 13th, 2019 No comments

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone. We are also happy …

BlueHat Seattle videos are online! Read More »

The post BlueHat Seattle videos are online! appeared first on Microsoft Security Response Center.

November 2019 security updates are available!

November 12th, 2019 No comments

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

November 2019 security updates are available! Read More »

The post November 2019 security updates are available! appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

Using Rust in Windows

November 7th, 2019 No comments

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with …

Using Rust in Windows Read More »

The post Using Rust in Windows appeared first on Microsoft Security Response Center.

Time for day 2 of briefings at BlueHat Seattle!

October 25th, 2019 No comments

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to …

Time for day 2 of briefings at BlueHat Seattle! Read More »

The post Time for day 2 of briefings at BlueHat Seattle! appeared first on Microsoft Security Response Center.

Welcome to the second stage of BlueHat!

October 24th, 2019 No comments

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast (we have doughnuts! and bacon! and cereal!) when the doors open …

Welcome to the second stage of BlueHat! Read More »

The post Welcome to the second stage of BlueHat! appeared first on Microsoft Security Response Center.

Microsoft Identity Bounty Improvements

October 23rd, 2019 No comments