Microsoft Security Response Center Blog

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs

Monday, April 08, 2024

At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security vulnerabilities in Microsoft products and services. We use this information to identify vulnerability trends and provide this data to our Product Engineering teams to enable them to systematically understand and eradicate security risks.

• Security Update Guide

Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team

Tuesday, April 02, 2024

Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick’s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick’s love of learning and his natural curiosity led him to a career in technology and ultimately, to his current role at Microsoft.

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Friday, March 08, 2024

This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

• Attack

Faye’s Journey: From Security PM to Diversity Advocate at Microsoft

Thursday, February 29, 2024

Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that deployed to desktops and handled operations for Office’s first few customers.

Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope

Tuesday, February 27, 2024

Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.

• Office
• Bounty
• Bug Bounty
• Bug Bounty Programs
• Community-based Defense
• Security
• Security Research

From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin

Monday, February 26, 2024

As a young boy, Devin found himself captivated by the adventures of Indiana Jones, the whip-wielding archaeologist from the VHS movies his grandfather showed him. The thrill of unearthing history and the allure of the unknown ignited a spark in Devin, leading him to dream of becoming an archaeologist. However, as he grew older and learned more about the realities of archaeology, he realized that his passion lay elsewhere.

• BlueHat

An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft

Tuesday, February 20, 2024

Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his

• BlueHat
• Bounty

New Security Advisory Tab Added to the Microsoft Security Update Guide

Thursday, February 15, 2024

Today, we are adding a new Security Advisory tab to the Security Update Guide to meet our customers’ needs for a unified and authoritative source for the latest public information about Microsoft security updates and issues. We are continuously listening to feedback from users of the Security Update Guide. Our goal is to find new and improved ways to help customers manage security risks and keep their systems protected.

• Security Update Guide
• Security Advisory
• MSRC

Congratulations to the Top MSRC 2023 Q4 Security Researchers!

Tuesday, January 30, 2024

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboard are Yuki Chen, Wei, VictorV! Check out the full list of researchers recognized this quarter here.

• Researcher Recognition
• Security Research
• Security Researcher
• Community-based Defense

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Friday, January 19, 2024

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.