Microsoft Security Response Center Blog

Nobelium Resource Center - updated March 4, 2021

Monday, December 21, 2020

UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft previously used ‘Solorigate’ as the primary designation for the actor, but moving forward, we want to place appropriate focus on the actors behind the sophisticated attacks, rather than one of the examples of malware used by the actors.

Customer Guidance on Recent Nation-State Cyber Attacks

Monday, December 14, 2020

Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor.

Security Update Guide: Let's keep the conversation going

Tuesday, December 08, 2020

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able to run the new application.

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

Vulnerability Descriptions in the New Version of the Security Update Guide

Monday, November 09, 2020

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Thursday, October 29, 2020

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain.

• Active Directory
• EOP
• Patch
• Standard)
• Vulnerability
• Windows Server 2008 R2 Service Pack 1
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019 all editions
• Windows Server version 1809 (Datacenter
• Windows Server version 1903 all editions
• Windows Server version 1909 all editions

Announcing the Top MSRC 2020 Q3 Security Researchers

Thursday, October 15, 2020

Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Security Analysis of CHERI ISA

Wednesday, October 14, 2020

Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory protection features against many exploited vulnerabilities, or in other words, an architectural solution that breaks exploits.

• Memory Corruption
• Memory Safety
• Secure Development
• Security Research

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

Tuesday, October 06, 2020

The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for 16 bounty eligible reports.

• Bounty
• Community-based Defense
• Security Research
• Security Researcher

New and improved Security Update Guide!

Monday, September 21, 2020

We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment.

• Security Update
• Security Update Guide
• Update Tuesday

Control Flow Guard for Clang/LLVM and Rust

Monday, August 17, 2020

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow integrity. It has been available since Windows 8.

• Exploit Mitigations
• Rust
• Safe Systems Programming Languages
• Secure Development