Microsoft Security Response Center Blog

Announcing BlueHat 2024: Call for Papers now open

Wednesday, August 07, 2024

The 23rd edition of Microsoft’s BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. BlueHat brings together security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and best practices, all in the interest of creating a safer and more secure world for everyone.

• BlueHat
• Security Research

Congratulations to the MSRC 2024 Most Valuable Security Researchers!

Tuesday, August 06, 2024

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Security Researcher
• Researcher Recognition
• Bug Bounty
• Bug Bounty Programs
• Bounty

Microsoft Bounty Program Year in Review: $16.6M in Rewards 

Monday, August 05, 2024

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.

• Bounty
• Bug Bounty
• Bug Bounty Programs
• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Introducing the MSRC Researcher Resource Center

Wednesday, July 31, 2024

Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the security of our products and services. We’re always looking for ways to build upon this partnership, and with that goal in mind, we are excited to announce the creation of the MSRC Researcher Resource Center.

• Security Researcher

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Wednesday, July 24, 2024

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen, Lewis Lee & Ver & Zhiniang Peng, and Wei!

• Bounty
• Bug Bounty Programs
• Bug Bounty
• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Announcing the CVRF API 3.0 upgrade

Thursday, July 11, 2024

At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF) API. This update brings improvements in both security and performance, without requiring any changes to your existing invocation methods.

What’s new in the MSRC Report Abuse Portal and API

Wednesday, July 03, 2024

The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.

• Report Abuse
• Report Abuse API
• Report Abuse Portal

Toward greater transparency: Unveiling Cloud Service CVEs

Thursday, June 27, 2024

Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.

• Security Update Guide

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Monday, June 17, 2024

Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversal vulnerability, posed potential risks for information exposure and service disruption via Denial-of-Service (DOS).

• MSRC
• CVD

Improved Guidance for Azure Network Service Tags

Monday, June 03, 2024

Summary Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution to the Azure community by highlighting that it can be easily misunderstood how to use service tags and their intended purpose.

• Azure
• Network infrastructure