Home arrow Microsoft
Microsoft Security Response Center
  • Security Update Solution Further Protects Customer Devices

    On Tuesday, August 18, 2015, Microsoft released a security update solution to address a vulnerability. The update is for all supported versions of Internet Explorer.

    We recommend customers to apply this update as soon as possible by following the directions on the TechNet.com/Security website, in Security Bulletin MS15-093.

    More information about this bulletin can be found at Microsoft’sBulletin Summary page.

    MSRC Team



  • August 2015 Security Update Release Summary

    Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released.

    More information about this month’s security updates and advisories can be found in the Security TechNet Library.

    MSRC Team



  • Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp

    I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit https://aka.ms/BugBounty. We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to announce that we are launching a bonus period for Authentication vulnerabilities in the Online Services Bug Bounty. We will be running an onsite contest at Black Hat in Las Vegas, August 5-6, related to this effort. Lastly, we are adding RemoteApp to the list of domains covered in the Online Services Bug Bounty.

    The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback and opportunities brought to us from the Security Research Community.

    • Raising the Bounty for Defense from $50,000 USD to $100,000 USD
      • Brings defense up on par with offense
      • Rewards the novel defender equally for their research

    This continued evolution includes a new approach to the Online Services Bug Bounty Program:

    • Authentication vulnerabilities will receive double bounty payouts
      • Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities
      • Bonus period will run from August 5, 2015 - October 5, 2015
      • All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)

    • MSA contest at Black Hat
      • Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access
      • Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate

    • RemoteApp
      • RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices
      • RemoteApp is being added as a new property of the Online Services Bug Bounty Program and all of the regular terms and payout rules apply

    These additions to the Microsoft Bounty Program will be part of the rigorous security programs at Microsoft. Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits.

    It has beengreat to see the reaction from the research community to the Microsoft Edge Bug Bounty, and the Azure addition to the Online Services Bug Bounty Program. I hope to see equal enthusiasm for these new editions!

    You can always find the most up-to-date information about the Microsoft Bounty Programs at https://aka.ms/BugBounty and in the associated terms and FAQs.

    Thank you!

    Jason Shirk



  • Out-of-band release for Security Bulletin MS15-078

    Today, we released a security bulletin to provide an update for Microsoft Windows. Customers who have automatic updates enabled or apply the update, will be protected.

    We recommend customers apply the update as soon as possible, following the directions in the security bulletin.

    More information about this bulletin can be found at Microsoft’sBulletin Summary page.

    MSRC Team



  • July 2015 Security Updates

    Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer.

    As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’ssecurity updates and advisories visit the Security TechNet Library.

    You can alsofollow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse

    MSRC Team



  • June 2015 Updates

    Today, as part of Update Tuesday, we released 8 security bulletins.

    We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here.

    We released one new Security Advisory:

    One Security Advisoryhas beenrevised:

    For the latest information, you can follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse.

    MSRC Team



  • May 2015 Updates

    Today, as part of Update Tuesday, we released 13 security bulletins.

    We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the ExploitabilityIndex (XI), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here.

    We also released one new Security Advisory:

    One Security Advisory was revised:

    For the latest information, you can follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse.

    MSRC Team




Angelo Castigliola     View Photos of Angelo (8)
    Send Angelo a Message
Sec and Sec-Tech Newsletter
Email:





Upcoming Events