Browsing Category
Microsoft Security
90 posts
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs
We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform…
Randomizing the KUSER_SHARED_DATA Structure on Windows
Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increases the cost…
Microsoft’s Response to CVE-2022-22965 Spring Framework
Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability,…
Increasing Representation of Women in Security Research
Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in…
On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program
Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to…
Exploring a New Class of Kernel Exploit Primitive
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide…
Randomizing the KUSER_SHARED_DATA Structure on Windows
Opps, this post exists, but was actually published 4/5/2022. We’re navigating you to the correct page now. If…
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens
On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used…
Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability…
Cyber threat activity in Ukraine: analysis and resources
UPDATE 02 MAR 2022: See Updated malware details and Microsoft security product detections below for additional insights and…