Security Bulletin

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking...

UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft...

Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the...

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working...

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that...

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11...

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory...

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure...

We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our...

At the Microsoft Security Response Center’s (MSRC), our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then...

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security...