Microsoft has released updates to protect against CVE-2021-34527. Please see: msrc.microsoft.com/update-guide/v…
We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit microsoft.com/en-us/msrc.
- What if you could eliminate a common class of vulnerabilities by changing the language you used? MSRC is publishing a series on why Microsoft is looking at @rustlang for memory-safe development and why we think you should too. See the first post here: msrc-blog.microsoft.com/2019/07/16/a-p…
- MSRC has just published a blog post for Microsoft's response to CVE-2021-44228 Apache Log4j 2 msrc-blog.microsoft.com/2021/12/11/mic…
- We've published a new Print Spooler Security Advisory: msrc.microsoft.com/update-guide/v…
- Microsoft is aware of an RCE vulnerability in the way that the SMBv3 protocol handles certain requests. If you wish to be notified when updates for this vulnerability are available, please follow the guidance in the advisory linked here: portal.msrc.microsoft.com/en-US/security…
- July 2020 Security Update includes a fix for a wormable RCE vulnerability in Windows DNS Server affecting all versions of Windows Server running the DNS Server role. This should be patched quickly. For more information, see: msrc-blog.microsoft.com/2020/07/14/jul…
- To mitigate against various NTLM relay attacks, disable NTLM where not needed (e.g., DCs) or implement the mitigation feature, Extended Protection for Authentication. Guidance at msrc.microsoft.com/update-guide/v…
- MSRC has released CVE-2021-34481 today. msrc.microsoft.com/update-guide/v…
- The MSRC has updated CVE-2021-34527 with more information. msrc.microsoft.com/update-guide/v…
- MSRC has confirmed an active Linux worm leveraging critical Remote Code Execution (RCE) vulnerability CVE-2019-10149 in Linux Exim email servers. We advise Azure customers to patch or restrict network access to VMs running affected versions. More info: blogs.technet.microsoft.com/msrc/2019/06/1…
- Microsoft’s Bug Bounty Programs awarded $13.7M to over 300 security researchers in the last 12 months. Thank you for all your hard work to help secure millions of customers. #bugbounty, #CommunityBasedDefense msrc-blog.microsoft.com/2020/08/04/mic…
- Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure. Learn more ⬇️
- Open call for SSRF enthusiasts! We’re excited to announce the launch of our three-month Azure SSRF Security Research Challenge with awards up to $60,000 USD! Ready, set, go! More information can be found on our blog: msrc-blog.microsoft.com/2021/08/19/ann…
- Microsoft Bug Bounty Programs awarded $13.6M to 341 security researchers in the last 12 months. Thank you to everyone for your continued work to help secure millions of customers. msrc-blog.microsoft.com/2021/07/08/mic…



