We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping...
Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.
Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This...
Revision Note: V1.0 (September 13, 2016): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on what developers can do to help ensure that...
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NET Web Frameworks, and Tools and Microsoft ASP.NET and Web Tools. This is an informational change only.
Summary: Microsoft is releasing this security advisory to provide information about...
Original release date: October 11, 2018
Summary
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[2][3][4]
In it we highlight the use of five...
Earlier this week Link Removed brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueHat...
There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank...
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is...
Original release date: May 02, 2019
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1]
Technical Details
A presentation at the April 2019...
The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Link Removed program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities in...
Original release date: December 03, 2018
Summary
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam...
Intel is to release new microcode via Windows Update for Spectre variants. Further details can be found here:
https://support.microsoft.com/en-us/help/4465065/kb4465065-intel-microcode-updates:
At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center (MSRC). We appreciate all the partnership and...
Assume I updated occasionally my Win 7 system.
How can I find out which of the many Win 7 Spectre, Meltdown and Spectre NG updates are currently locally installed?
Peter
Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat...
Intel release updates for Spectre on 6th generation (Skylake) chips:
Intel Link Removed that they have completed their validations and started to release microcode for newer CPU platforms around Spectre Variant 2 (CVE-2017-5715, “Branch Target Injection”). This update includes microcode...
Interviews with Jann Horn and people who know him show how a combination of dogged determination and a powerful mind helped him stumble upon features and flaws that have been around for over a decade but had gone undetected.
I don't know if this has been brought up, but has anyone used Brave Browser? I used it for a little bit a long time ago. But haven't used it since formatting my computer. I'm strictly Firefox right now. But that recent Mr. Robot incident kinda left a bad taste in my mouth, even though it wasn't...