Archive

Posts Tagged ‘MSRC’

Solving Uninitialized Kernel Pool Memory on Windows

July 2nd, 2020 No comments

This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our previous blog post. The brief recap …

Solving Uninitialized Kernel Pool Memory on Windows Read More »

The post Solving Uninitialized Kernel Pool Memory on Windows appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

June 1st, 2020 No comments

Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models. To proactively …

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack Read More »

The post Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack appeared first on Microsoft Security Response Center.

Azure Sphere Security Research Challenge Now Open

May 5th, 2020 No comments

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …

Azure Sphere Security Research Challenge Now Open Read More »

The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center.

Azure Sphere Security Research Challenge Now Open

May 5th, 2020 No comments

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …

Azure Sphere Security Research Challenge Now Open Read More »

The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center.

Congratulating Our Top 2020 Q1 Security Researchers!

April 23rd, 2020 No comments

Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter (Q1) Security Researcher Leaderboard, listing our top contributing researchers for the last quarter. The top three researchers of the last quarter are: Zhiniang Peng (2870 …

Congratulating Our Top 2020 Q1 Security Researchers! Read More »

The post Congratulating Our Top 2020 Q1 Security Researchers! appeared first on Microsoft Security Response Center.

March 2020 security updates are available

March 10th, 2020 No comments

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

The post March 2020 security updates are available appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

Calling for security research in Azure Sphere, now generally available

February 24th, 2020 No comments

Today, Microsoft released Azure Sphere into General Availability (GA). Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating new IoT devices with built-in security. The solution includes hardware, OS, and …

Calling for security research in Azure Sphere, now generally available Read More »

The post Calling for security research in Azure Sphere, now generally available appeared first on Microsoft Security Response Center.

February 2020 security updates are available

February 11th, 2020 No comments

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

The post February 2020 security updates are available appeared first on Microsoft Security Response Center.

Categories: Patch, Update Tuesday Tags:

Recognizing Security Researchers in 2020

February 3rd, 2020 No comments

Is it too early to talk about the 2020 MSRC Most Valuable Security Researchers? Five months from now, at the end of June, the program period closes for researchers to be considered for inclusion in the Most Valuable Researchers list. The top researcher list will be revealed at Black Hat North America in August. For …

Recognizing Security Researchers in 2020 Read More »

The post Recognizing Security Researchers in 2020 appeared first on Microsoft Security Response Center.

Announcing the Xbox Bounty program

January 30th, 2020 No comments

Announcing the new Xbox Bounty. The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD).

The post Announcing the Xbox Bounty program appeared first on Microsoft Security Response Center.

Access Misconfiguration for Customer Support Database

January 22nd, 2020 No comments

Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking …

Access Misconfiguration for Customer Support Database Read More »

The post Access Misconfiguration for Customer Support Database appeared first on Microsoft Security Response Center.

Categories: Misconfiguration Tags:

Announcing MSRC 2019 Q4 Security Researcher Leaderboard

January 15th, 2020 No comments

Following the first Security Researcher Quarterly Leaderboard we published in October 2019, we are excited to announce the MSRC Q4 2019 Security Researcher Leaderboard, which shows the top contributing researchers for the last quarter. In each quarterly leaderboard, we recognize the security researchers who ranked at or above the 95th percentile line based on the …

Announcing MSRC 2019 Q4 Security Researcher Leaderboard Read More »

The post Announcing MSRC 2019 Q4 Security Researcher Leaderboard appeared first on Microsoft Security Response Center.

January 2020 Security Updates: CVE-2020-0601

January 14th, 2020 No comments

The January security updates include several Important and Critical security updates. As always, we recommend that customers update their systems as quickly as practical. Details for the full set of updates released today can be found in the Security Update Guide. We believe in Coordinated Vulnerability Disclosure (CVD) as proven industry best practice to address security vulnerabilities. Through a partnership …

January 2020 Security Updates: CVE-2020-0601 Read More »

The post January 2020 Security Updates: CVE-2020-0601 appeared first on Microsoft Security Response Center.

January 2020 security updates are available!

January 14th, 2020 No comments

We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

January 2020 security updates are available! Read More »

The post January 2020 security updates are available! appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

Announcing the Microsoft Identity Research Project Grant

January 9th, 2020 No comments

We are excited to announce the Microsoft Identity Research Project Grant a new opportunity in partnership with the security community to help protect Microsoft customers. This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory).

The post Announcing the Microsoft Identity Research Project Grant appeared first on Microsoft Security Response Center.

December 2019 security updates are available

December 10th, 2019 No comments

We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

December 2019 security updates are available Read More »

Categories: Security Update, Update Tuesday Tags:

Customer Guidance for the Dopplepaymer Ransomware

November 20th, 2019 No comments

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the …

Customer Guidance for the Dopplepaymer Ransomware Read More »

The post Customer Guidance for the Dopplepaymer Ransomware appeared first on Microsoft Security Response Center.

November 2019 security updates are available!

November 12th, 2019 No comments

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

November 2019 security updates are available! Read More »

The post November 2019 security updates are available! appeared first on Microsoft Security Response Center.

Categories: Uncategorized Tags:

Microsoft Identity Bounty Improvements

October 23rd, 2019 No comments

Introducing the ElectionGuard Bounty program

October 18th, 2019 No comments