Skip to main content
MSRC

Microsoft Security Response Center Blog

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Thursday, April 21, 2022

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q1 Security Researcher Leaderboard are: Yuki Chen, William Söderberg, and Terry Zhang @pnig0s!

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

Thursday, April 14, 2022

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions.

Microsoft’s Response to CVE-2022-22965 Spring Framework

Tuesday, April 05, 2022

Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

Tuesday, April 05, 2022

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to discover and report high-impact security vulnerabilities to help protect customers. We offer awards up to $26,000 USD for eligible submissions.

Randomizing the KUSER_SHARED_DATA Structure on Windows

Tuesday, April 05, 2022

Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increases the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations including kernel stacks, pools, system PTEs etc. are randomized. A well-known exception to this is the KUSER_SHARED_DATA structure which is a page of memory that has always been traditionally mapped at a fixed virtual address in the kernel.

Increasing Representation of Women in Security Research

Thursday, March 31, 2022

Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Women’s History Month we intentionally sought opportunities to engage with women in security research. Whether at an intimate gathering of some of the most respected women in security research or engaging with women early in their career, it became obvious there just aren’t enough women in security research.

Randomizing the KUSER_SHARED_DATA Structure on Windows

Wednesday, March 30, 2022

Opps, this post exists, but was actually published 4/5/2022. We’re navigating you to the correct page now. If that doesn’t work click the link below: Randomizing the KUSER_SHARED_DATA Structure on Windows – Microsoft Security Response Center

Exploring a New Class of Kernel Exploit Primitive

Tuesday, March 22, 2022

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen when kernel mode code does not validate that pointers read from attacker-controlled input actually point to the user-mode portion of the Virtual Address Space (VAS).

Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint

Tuesday, March 08, 2022

Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure. Cybercriminals are looking for any opening to tamper with security protections in order to blind, confuse, or often shut off customer defenses.

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

Monday, March 07, 2022

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens. Microsoft has notified customers with affected Automation accounts. Microsoft recommends following the security best practices herefor the Azure Automation service