February 9, 2023

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/starting February 9th, 2023, for all past […]
January 31, 2023

Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process

Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud […]
January 27, 2023

Congratulations to the Top MSRC 2022 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to […]
January 18, 2023

Microsoft resolves four SSRF vulnerabilities in Azure cloud services

Summary  Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API Management, Azure Functions, Azure Machine Learning, and Azure […]
January 7, 2023

Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) […]
December 30, 2022

Security Update Guide Improvement – Representing Hotpatch Updates

Today we are updating the way Microsoft Security Update Guide (SUG) represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch […]
December 3, 2022

BlueHat 2023: Applications to Attend NOW OPEN!

We are excited to announce that applications to attend BlueHat 2023 are now open!   BlueHat 2023 will be the 20th version of the BlueHat conference and […]