Security Bulletin

Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads...

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are...

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found...

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this...

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying...

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of...

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast...

Microsoft is continually improving our existing bounty programs. Today we’re happy to share the latest updates to the Microsoft Identity Bounty. Originally launched in July 2018, the Microsoft Identity bounty program has helped build a partnership...

Today we are launching the [ElectionGuard Bounty program](«http://www.microsoft.com/msrc/bounty-electionguard> >). In May 2019, we announced the release of ElectionGuard, a free open-source SDK to make voting more secure, transparent, and accessible...

Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an...

Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in...

We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in...