Tag Search: MSRC alerts

New High Impact Scenarios and Awards for the Azure Bounty Program

Posted on Monday October 18, 2021  |  MSRC alerts

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending…

 

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Posted on Thursday October 14, 2021  |  MSRC alerts

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840 points), Callum Carney (828 points), and Nir Ohfeld (525 points)! Each quarterly leaderboard…

 

Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program

Posted on Wednesday October 13, 2021  |  MSRC alerts

Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000…

 

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

Posted on Thursday September 16, 2021  |  MSRC alerts

On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively. Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. Several Azure Virtual Machine (VM) management extensions use this framework to…

 

Coordinated disclosure of vulnerability in Azure Container Instances Service

Posted on Wednesday September 08, 2021  |  MSRC alerts

Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI). Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability.

 

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

Posted on Friday August 27, 2021  |  MSRC alerts

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately.   Our investigation indicates that no customer data was accessed because of this…

 

Page:   12345678910111213141516171819202122232425262728293031

Celebrating 35+ Years

Off-Site Cloud Backups

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016