Azure

Coordinated disclosure of vulnerability in Azure Container Instances Service

Microsoft recently mitigated a vulnerability reported by a security researcher in Azure Container Instances (ACI). Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution, we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability.

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this …

Announcing the Launch of the Azure SSRF Security Research Challenge

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional …

A new experience for reporting copyright or trademark infringement on Microsoft Services

The Notice of Copyright or Trademark Infringement Portal has helped protect Microsoft’s users and customers from intellectual property infringement across online services like Microsoft Azure, Office, Outlook, Skype, Stream, Microsoft News, Sway, Hotmail, NuGet, and Yammer. Microsoft’s response to claims of intellectual property infringement is driven by the reports you send us. To further enhance your …

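[For IT administrators] Manage DNS records to prevent subdomain takeover

Subdomain takeover is a common security problem that has existed for a long time, but with the growing use of cloud services it now calls for particular attention. It is not a problem that occurs only in Microsoft services, but using Microsoft Azure as an example, we would like to explain what subdomain takeover is, what causes it, and how to counter it.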

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how Xbox One hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to …

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as the implementation programming …

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst …

Microsoft launches Identity Bounty program

Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions. We …
