MSRC

Recognizing Q3 Top 5 Bounty Hunters

Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our third quarter (January-March …

Recognizing Q3 Top 5 Bounty Hunters Read More »

Security Advisory 2953095: recommendation to stay protected and for detections

Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect themselves while we are working on a security update. This …

Security Advisory 2953095: recommendation to stay protected and for detections Read More »

Behind the Curtain of Second Tuesdays

Handle:Mando Picker IRL: Dustin Childs Rank: Security Program Manager Likes: Protecting customers, working with security researchers, second Tuesdays, bourbon, mandolins Dislikes: Using “It’s hard” as an excuse, quitting when it gets tough, banjos Hello All, I enjoy telling stories. Perhaps, in a former life, I spent time as a bard telling stories of Robin Hood …

Behind the Curtain of Second Tuesdays Read More »

Hack.lu: Why it’s all about building bridges

Handle:Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni “We want to remain what we are” (“Mir wëlle bleiwe wat mir sinn”) is the national motto of the Grand Duchy of …

Hack.lu: Why it’s all about building bridges Read More »

BlueHat v10 Shipping!

Handle:Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here playing MC at the tenth edition (!!!) of the BlueHat Security Briefings on the Microsoft Campus in Redmond. So far it …

BlueHat v10 Shipping! Read More »

Internet troubles in Korea? E-call center 118 is there to help.

Handle:Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni Microsoft often has the pleasure of welcoming foreign government officials to our headquarters. MSRC’s engagement with them usually starts with us trying …

Internet troubles in Korea? E-call center 118 is there to help. Read More »

Coordinated Vulnerability Disclosure: Bringing Balance to the Force

Today on the MSRC blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure. I wanted to provide some context and history on how this came about. This post is about changing the way we at Microsoft talk about some familiar disclosure concepts, and is meant as an introduction …

Coordinated Vulnerability Disclosure: Bringing Balance to the Force Read More »