Microsoft Security Response Center Blog

Exploring a New Class of Kernel Exploit Primitive

Tuesday, March 22, 2022

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen when kernel mode code does not validate that pointers read from attacker-controlled input actually point to the user-mode portion of the Virtual Address Space (VAS).

• Security Research

Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint

Tuesday, March 08, 2022

Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure. Cybercriminals are looking for any opening to tamper with security protections in order to blind, confuse, or often shut off customer defenses.

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

Monday, March 07, 2022

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens. Microsoft has notified customers with affected Automation accounts. Microsoft recommends following the security best practices herefor the Azure Automation service

• MSRC

Cyber threat activity in Ukraine: analysis and resources

Monday, February 28, 2022

UPDATE 27 Apr 2022: See Updated malware details and Microsoft security product detections below as discussed in the Special Report: Ukraine. UPDATE 02 MAR 2022: See Updated malware details and Microsoft security product detections below for additional insights and protections specific to the evolving threats we have identified impacting organizations with ties to Ukraine.

• Analysis
• Cyberthreat
• Ukraine

Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help

Friday, February 11, 2022

“There are few jobs where I can say, I make two billion people more secure on the internet every single day.” Childhood Look: Goth kid, all in black Current Look: Cyber Viking Childhood hobby: Head banging to Metallica, Marilyn Manson, and Guns N’ Roses Current hobby: n0x08 DJ’s Live events around the world.

Congratulations to the Top MSRC 2021 Q4 Security Researchers!

Tuesday, February 01, 2022

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q4 Security Researcher Leaderboard are: rezer0dai (780 points) , Callum Carney (750 points) , and wtm (615 points) !

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

Expanding the Microsoft Researcher Recognition Program

Tuesday, February 01, 2022

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more security researchers in more ways for their contributions to protecting customers, and we published the first new leaderboard on our program page.

• Community-based Defense
• Coordinated Vulnerability Disclosure
• Researcher Recognition
• Security Researcher

An Armful of CHERIs

Thursday, January 20, 2022

Today, Arm announced that the first silicon supporting the Morello prototype architecture, a research project led by Arm, Microsoft, University of Cambridge and others, is now available on a limited run of demonstration boards, which are being shipped from today to industry partners for testing. Morello is the first high-performance implementation of the CHERI extensions.

Coming Soon: New Security Update Guide Notification System

Tuesday, January 11, 2022

Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are excited to share that starting today, you can sign up with any email address that you want and receive notifications at that email address.

• Security Update Guide
• Technical Security Notifications

Azure App Service Linux source repository exposure

Wednesday, December 22, 2021

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public.