Microsoft Security Response Center

Azure Sphere Security Research Challenge Now Open

Tuesday, May 05, 2020

The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud.

The Safety Boat: Kubernetes and Rust

Wednesday, April 29, 2020

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language.

Congratulating Our Top 2020 Q1 Security Researchers!

Thursday, April 23, 2020

Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter (Q1) Security Researcher Leaderboard, listing our top contributing researchers for the last quarter. The top three researchers of the last quarter are: Zhiniang Peng (2870 points), Yuki Chen (1550 points), and Ashar Javed (1520 points).

March 2020 security updates are available

Tuesday, March 10, 2020

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

Calling for security research in Azure Sphere, now generally available

Monday, February 24, 2020

Today, Microsoft released Azure Sphere into General Availability (GA). Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Azure Sphere is an end-to-end solution for securely connecting existing equipment and for creating new IoT devices with built-in security. The solution includes hardware, OS, and a cloud service, as well as ongoing security and OS updates to help ensure devices remain secured as threats evolve over time.

February 2020 security updates are available

Tuesday, February 11, 2020

We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

Recognizing Security Researchers in 2020

Monday, February 03, 2020

Is it too early to talk about the 2020 MSRC Most Valuable Security Researchers? Five months from now, at the end of June, the program period closes for researchers to be considered for inclusion in the Most Valuable Researchers list. The top researcher list will be revealed at Black Hat North America in August.

Announcing the Xbox Bounty program

Thursday, January 30, 2020

We are pleased to announce the launch of the Xbox Bounty program today. The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.

Access Misconfiguration for Customer Support Database

Wednesday, January 22, 2020

Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable.

Announcing MSRC 2019 Q4 Security Researcher Leaderboard

Wednesday, January 15, 2020

Following the first Security Researcher Quarterly Leaderboard we published in October 2019, we are excited to announce the MSRC Q4 2019 Security Researcher Leaderboard, which shows the top contributing researchers for the last quarter. In each quarterly leaderboard, we recognize the security researchers who ranked at or above the 95th percentile line based on the total points.

Microsoft Security Response Center Blog