msrc

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user …

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution Read More »

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q1 Security Researcher Leaderboard are: Yuki Chen, William Söderberg, …

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! Read More »

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to …

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs Read More »

Microsoft’s Response to CVE-2022-22965 Spring Framework

Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability. Threat analysis of the …

Microsoft’s Response to CVE-2022-22965 Spring Framework Read More »

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program.  Through this expanded program, we encourage researchers to discover and report high-impact security vulnerabilities to help protect customers. We offer awards up to $26,000 USD for eligible submissions. The following …

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program Read More »

Randomizing the KUSER_SHARED_DATA Structure on Windows

Opps, this post exists, but was actually published 4/5/2022. We’re navigating you to the correct page now. If that doesn’t work click the link below: Randomizing the KUSER_SHARED_DATA Structure on Windows – Microsoft Security Response Center

Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint

Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure. Cybercriminals are looking for any opening to tamper with security protections in order to blind, confuse, or …

Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint Read More »

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identities tokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens. Microsoft has notified customers with affected Automation accounts. Microsoft recommends following the …

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens Read More »

Cyber threat activity in Ukraine: analysis and resources

UPDATE 27 Apr 2022: See Updated malware details and Microsoft security product detections below as discussed in the Special Report: Ukraine. UPDATE 02 MAR 2022: See Updated malware details and Microsoft security product detections below for additional insights and protections specific to the evolving threats we have identified impacting organizations with ties to Ukraine. Microsoft …

Cyber threat activity in Ukraine: analysis and resources Read More »

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible …

Azure App Service Linux source repository exposure Read More »