Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has bee... 2022-5-30 15:0:0 | 阅读: 6 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft msdt windows defender trojan

New Research Paper: Pre-hijacking Attacks on Web User Accounts In 2020, MSRC awarded two Identity Project Research Grants to support external researchers wor... 2022-5-23 15:0:0 | 阅读: 9 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com attacker victim hijacking federated idp

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards “The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing h... 2022-5-19 15:0:0 | 阅读: 7 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com him hector microsoft security dishes

Anatomy of a Security Update The Microsoft Security Response Center is part of the defender community and on the front line... 2022-5-13 15:0:0 | 阅读: 4 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security microsoft victim coordinated

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) Summary Summary Microsoft recently mitigated a vulnerability in Azu... 2022-5-9 15:0:0 | 阅读: 12 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft synapse security pipelines cloud

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure... 2022-4-28 15:0:0 | 阅读: 6 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com wiz microsoft replication pg

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program lea... 2022-4-21 15:0:0 | 阅读: 9 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com leaderboard security quarter

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 an... 2022-4-14 15:0:0 | 阅读: 4 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com awards security m365 award eligible

Microsoft’s Response to CVE-2022-22965 Spring Framework Summary Summary Microsoft used the Spring Framework RCE, Early Anno... 2022-4-5 15:0:0 | 阅读: 3 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security microsoft analysis 22965 software

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises,... 2022-4-5 15:0:0 | 阅读: 3 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com premises security exchange eligible

Randomizing the KUSER_SHARED_DATA Structure on Windows Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) tha... 2022-4-5 15:0:0 | 阅读: 5 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com windows kuser randomized mapped remote

Increasing Representation of Women in Security Research Microsoft is committed to partnering with and supporting women in security research. Whether i... 2022-3-31 15:0:0 | 阅读: 4 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security easterly 2030 partnering

Randomizing the KUSER_SHARED_DATA Structure on Windows This blog post is older than a year. The information provided below may be outdated.... 2022-3-30 15:0:0 | 阅读: 6 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com randomizing kuser windows microsoft security

Exploring a New Class of Kernel Exploit Primitive The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSR... 2022-3-22 15:0:0 | 阅读: 27 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com acpi mmio mcfg memory windows

Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpo... 2022-3-8 16:0:0 | 阅读: 5 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com windows microsoft security defender client

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azu... 2022-3-7 16:0:0 | 阅读: 7 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft security identities orca mitigated

Cyber threat activity in Ukraine: analysis and resources UPDATE 27 Apr 2022: See Updated malware details and Microsoft security product detections belo... 2022-2-28 16:0:0 | 阅读: 18 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft ukraine security destructive defender

Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help “There are few jobs where I can say, I make two billion people more secure on the internet eve... 2022-2-11 16:0:0 | 阅读: 8 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com warfield him security league mission

Expanding the Microsoft Researcher Recognition Program The Microsoft Researcher Recognition Program offers public thanks and recognition to security... 2022-2-1 16:0:0 | 阅读: 4 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com leaderboard security recognize microsoft badges

Congratulations to the Top MSRC 2021 Q4 Security Researchers! Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recog... 2022-2-1 16:0:0 | 阅读: 7 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com leaderboard security quarter q4