Biztonsági szemle

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued...

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on...

Megjelent a SANS és a Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet közös kiadványfolyamának 2022. márciusi száma, amely a három leggyakoribb közösségi média csalással foglalkozik, és ad tanácsokat a kezelésükhöz.

Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise...

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to...

Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increases the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations including kernel...

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Women’s History Month we...

Opps, this post exists, but was actually published 4/5/2022. We’re navigating you to the correct page now. If that doesn’t work click the link below: Randomizing the KUSER_SHARED_DATA Structure on Windows – Microsoft Security Response Center

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an...

Megjelent a SANS és a Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet közös kiadványfolyamának 2022. márciusi száma, amely hasznos tanácsokat ad ahhoz, hogy felismerhessük a deepfake-eket.

Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through...

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has...