Month: March 2019

Vulnerability hunting with Semmle QL, part 2

The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware component. This was part of a wider …

Vulnerability hunting with Semmle QL, part 2 Read More »

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!

The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a Product Security Operations Forum at LocoMocoSec on April 18, 2019. Featuring exceptional speakers …

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec! Read More »

Local privilege escalation via the Windows I/O Manager: a variant finding collaboration

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research reported to us regularly from the security community, and we consider it a privilege to work with these researchers. One …

Local privilege escalation via the Windows I/O Manager: a variant finding collaboration Read More »

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented security researchers throughout the Asia Pacific region …

Call for Papers | Microsoft BlueHat Shanghai 2019 Read More »

Practical advice for earning higher Microsoft bounty awards

This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core pieces of advice. First, focus vulnerability research on the products …

Practical advice for earning higher Microsoft bounty awards Read More »

March 2019 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.