Archive

Archive for the ‘Security Research’ Category

Announcing the Launch of the Azure SSRF Security Research Challenge

August 19th, 2021 No comments

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional …

Announcing the Launch of the Azure SSRF Security Research Challenge Read More »

Introducing Bounty Awards for Teams Mobile Applications Security Research

July 19th, 2021 No comments

We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile applications to help secure customers. Rewards up to $30,000 USD …

Introducing Bounty Awards for Teams Mobile Applications Security Research Read More »

Introducing Bounty Awards for Teams Desktop Client Security Research

March 24th, 2021 No comments

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely. Microsoft and security researchers across the planet continue to …

Introducing Bounty Awards for Teams Desktop Client Security Research Read More »

Security Analysis of CHERI ISA

October 14th, 2020 No comments

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory protection features against many exploited vulnerabilities, or in other words, an architectural solution that breaks exploits. We’ve looked at …

Security Analysis of CHERI ISA Read More »

The post Security Analysis of CHERI ISA appeared first on Microsoft Security Response Center.

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

October 6th, 2020 No comments

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for …

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community Read More »

What to Expect When Reporting Vulnerabilities to Microsoft

September 21st, 2020 No comments

At the Microsoft Security Response Center’s (MSRC), our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed. Many researchers report these …

What to Expect When Reporting Vulnerabilities to Microsoft Read More »

The post What to Expect When Reporting Vulnerabilities to Microsoft appeared first on Microsoft Security Response Center.

Updates to the Windows Insider Preview Bounty Program

July 24th, 2020 No comments

Partnering with the research community is an important part of Microsoft’s holistic approach to defending against security threats. Bounty programs are one part of this partnership, designed to encourage and reward vulnerability research focused on the highest impact to customer security. The Windows Insider Preview (WIP) Bounty Program is a key program for Microsoft and …

Updates to the Windows Insider Preview Bounty Program Read More »

The post Updates to the Windows Insider Preview Bounty Program appeared first on Microsoft Security Response Center.

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack

June 1st, 2020 No comments

Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models. To proactively …

Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack Read More »

The post Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack appeared first on Microsoft Security Response Center.

Azure Sphere Security Research Challenge Now Open

May 5th, 2020 No comments

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …

Azure Sphere Security Research Challenge Now Open Read More »

The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center.

Azure Sphere Security Research Challenge Now Open

May 5th, 2020 No comments

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact …

Azure Sphere Security Research Challenge Now Open Read More »

The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center.

Announcing the Xbox Bounty program

January 30th, 2020 No comments

Announcing the new Xbox Bounty. The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD).

The post Announcing the Xbox Bounty program appeared first on Microsoft Security Response Center.

Announcing the Microsoft Identity Research Project Grant

January 9th, 2020 No comments

We are excited to announce the Microsoft Identity Research Project Grant a new opportunity in partnership with the security community to help protect Microsoft customers. This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory).

The post Announcing the Microsoft Identity Research Project Grant appeared first on Microsoft Security Response Center.

Vulnerability hunting with Semmle QL: DOM XSS

November 6th, 2019 No comments

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­ the …

Vulnerability hunting with Semmle QL: DOM XSS Read More »

The post Vulnerability hunting with Semmle QL: DOM XSS appeared first on Microsoft Security Response Center.

Microsoft Identity Bounty Improvements

October 23rd, 2019 No comments

Introducing the ElectionGuard Bounty program

October 18th, 2019 No comments