September 30, 2022

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

Summary Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request […]
September 21, 2022

Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released a new version of the Azure Key Vault Software Development Kit (SDK) and Azure Identity SDK that includes defense-in-depth feature improvements. We […]
September 21, 2022

Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released a new version of the Azure Key Vault Software Development Kit (SDK) and Azure Identity SDK that includes defense-in-depth feature improvements. We […]
September 8, 2022

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the […]
September 2, 2022

Vulnerability Fixed in Azure Synapse Spark

Summary: Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are […]
August 12, 2022

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. […]
August 10, 2022

Security Update Guide Notification System News: Create your profile now

Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. […]
August 9, 2022

Congratulations to the MSRC 2022 Most Valuable Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated […]
August 8, 2022

Microsoft Office to publish symbols starting August 2022

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The […]
July 29, 2022

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of […]
July 20, 2022

Congratulations to the Top MSRC 2022 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to […]
July 19, 2022

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary: Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) […]