Security Bulletin

Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously...

The Notice of Copyright or Trademark Infringement Portal has helped protect Microsoft’s users and customers from intellectual property infringement across online services like Microsoft Azure, Office, Outlook, Skype, Stream, Microsoft News, Sway...

On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their...

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our...

Wondering how to get into the 2021 MSRC Most Valuable Security Researcher list and get recognized during the Black Hat USA this August? Read on to learn more about the different paths you can take to get into the top researcher tiers. The MSRC Most...

Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the...

Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021...

The Report Abuse (CERT) Portal and Report Abuse API have played a significant role in MSRC’s response to suspected cyberattacks, privacy issues, and abuse originating from Microsoft Online Services. With the contributions from our wonderful community...

Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller...

We’re excited to announce the top contributing researchers for the 2020 Fourth Quarter (Q4)! Congratulations to all of the researchers who made this quarter’s leaderboard and a huge thank you to everyone who continues to help secure our customers and...

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a...

Over the past several years, Microsoft has rolled out several changes that result in more memory being zeroed. These mitigations include: The InitAll mitigation which zeros most stack variables Switching most Microsoft kernel code over to the...