Security Bulletin

We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security...

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q2 2022. It was last updated on July 29, 2022.

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections...

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2...

Summary Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To mitigate this...

The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the...

Summary Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery (ASR) and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware...

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a...

Hidden Talents : He was a competitive swimmer for many years. Instrument of Choice : His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life : The Office, World War Z, The Matrix...

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB...

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This...

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side...